what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 936 RSS Feed

Files Date: 2012-08-01 to 2012-08-31

Zero Day Initiative Advisory 12-174
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-174 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw is a directory traversal in the UploadFilesHandler url that allows you to upload files to the server into a directory on the server that allows for scripting. This vulnerability could lead to remote code execution under the context of the current process.

tags | advisory, remote, arbitrary, code execution
SHA-256 | 4ee84abc0ed60faa0ef4eaf23e562588e583a3ba9fdbd25999ffb6342ecf1e64
Zero Day Initiative Advisory 12-173
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-173 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One of those calls is getSiteScopeConfiguration() which will return the current configuration of the server including the administrator login and password information. A remote attacker could abuse this vulnerability to login to SiteScope with administrative privileges then execute arbitrary code through the underlying functionality.

tags | advisory, remote, arbitrary
SHA-256 | 3664679a0798fdfd213eb09c398b686510ec5256a83ac88387b3ba49d44830c2
Zero Day Initiative Advisory 12-172
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-172 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Operations Orchestration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RSScheduler service JDBC component of Operations Orchestra which listens by default on TCP port 9001. The component is vulnerable to SQL injection attacks. Remote, unauthenticated attackers can exploit this vulnerability by injecting malicious SQL into the target, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, code execution, sql injection
SHA-256 | 2e6296934e9eb31a41004fb77a403dabf9b037e9f8ff4edde0c15edcccb89a28
Zero Day Initiative Advisory 12-171
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-171 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is not required to exploit this vulnerability. The flaw exists within the uam.exe component which listens by default on UDP port 1811. When logging received actions to a log file, sprintf is used to build the log message. The process does not properly verify the destination buffer on the stack is of sufficient size to handle the newly created string. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
SHA-256 | 72b76f5f036df5670bf0135032f957301d5d812167752414d6bc378a702e8dc4
Zero Day Initiative Advisory 12-170
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-170 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard Application Lifecycle Management. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XGO.ocx ActiveX control. The control exposed two vulnerable functions: 'SetShapeNodeType', which is vulnerable to a type confusion allowing user specified memory to be used as an object; and 'CopyToFile' which allows an attacker to create and overwrite files on the system of the user invoking the control. The attacker can utilize these vulnerabilities to execute remote code under the context of the process.

tags | advisory, remote, arbitrary, vulnerability, activex
SHA-256 | d3c9828441c320ddd3cc9e187105d893074559a023cf494f12db26998b203cae
Zero Day Initiative Advisory 12-169
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-169 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy Historian. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the KeyHelp.ocx ActiveX control. The control contains a LaunchTriPane function that allows launching of the HTML Help executable (hh.exe) with customized command line parameters. By using the -decompile switch, an attacker can specify the folder to decompile to and a UNC path to a specially crafted .chm file. The attacker can utilize this vulnerability to execute remote code under the context of the process.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2012-2516
SHA-256 | 1d9cc5e9c9e4b44c3492912b95ec7b4338a90ddb678216b44fd28eec565c9802
Zero Day Initiative Advisory 12-168
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-168 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Thin Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ISSymbol.ocx ActiveX component. The process performs insufficient bounds checking on user-supplied data passed in as the 'InternationalSeparator' parameter which results in a heap overflow. This vulnerability can be leveraged to execute code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2011-0340
SHA-256 | d3906c04c1551295a1d49431e04af6182300549f596f348f989e9e3ea751e535
Zero Day Initiative Advisory 12-167
Posted Aug 29, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-167 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent. Authentication is not required to exploit this vulnerability. The specific flaw exists within NFRAgent.exe which communicates with the Agent component over HTTPS on TCP port 3037. When parsing tags inside the VOL element, the process performs insufficient bounds checking on user-supplied data prior to copying it into a fixed-length buffer on the stack. This vulnerability can result in remote code execution under the context of the SYSTEM account.

tags | advisory, remote, web, arbitrary, tcp, code execution
SHA-256 | 69ef2ff5d98292fa291bf2211351fecf6a6b0eb8a1a5ff2d20882a59592c9bb3
Mandriva Linux Security Advisory 2012-146
Posted Aug 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-146 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Abhishek Arya of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Many of these issues are potentially exploitable, allowing for remote code execution. Various other issues have also been addressed.

tags | advisory, remote, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3972, CVE-2012-3974, CVE-2012-3976, CVE-2012-3978, CVE-2012-3980
SHA-256 | d9b0e412f5ed192520dfac9c307c9df27ba2b4bccfafea9d868885005ffef2eb
Mandriva Linux Security Advisory 2012-145
Posted Aug 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-145 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Abhishek Arya of Google Chrome Security Team discovered a series of use-after-free issues using the Address Sanitizer tool. Security researcher Mariusz Mlynski reported that it is possible to shadow the location object using Object.defineProperty. This could be used to confuse the current location to plugins, allowing for possible cross-site scripting attacks. Various other issues have also been addressed.

tags | advisory, xss
systems | linux, mandriva
advisories | CVE-2012-1956, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3965, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3973, CVE-2012-3974, CVE-2012-3975, CVE-2012-3976
SHA-256 | 9fbb0084a57f0671e6c2c0ce4d1e2841a703b2cf91116f2f1ffd7567ef4804dc
Red Hat Security Advisory 2012-1211-01
Posted Aug 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1211-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. Content containing a malicious Scalable Vector Graphics image file could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3972, CVE-2012-3978, CVE-2012-3980
SHA-256 | 8c97839258033a6c0ad46097a7e78aa875b3917ef4f5ccb91b32af7bc915816e
Red Hat Security Advisory 2012-1210-01
Posted Aug 29, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1210-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A web page containing a malicious Scalable Vector Graphics image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3972, CVE-2012-3976, CVE-2012-3978, CVE-2012-3980
SHA-256 | 9b5a9cea8f65e07fb2da4b3a175b7587efbc9e0360d69000b2ead87872003321
ASP-DEv XM Forums RC 3 SQL Injection
Posted Aug 29, 2012
Authored by Crim3R

ASP-DEv XM Forums RC 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection, asp
SHA-256 | 9c3c3c591231a4c49635d09fc01ed180df0ee82e372b40ddb6a9cddc63595ffc
Puma.com Cross Site Scripting
Posted Aug 29, 2012
Authored by TayfunBasoglu

Puma.com suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 9a6077194d65dfacc4d2f18883f2652b3d4f693d2182054e755895b95d48e936
Secunia Security Advisory 50088
Posted Aug 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | 7938b500996336df96808c40f3d1aa2ec7ab56a086cb184341748ff728e6ec44
Secunia Security Advisory 50446
Posted Aug 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Mono, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | c1aa8c327a4f7c4470540686f5c87599e018b3b674100c125d0ee45adc7f87b0
Secunia Security Advisory 50434
Posted Aug 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | 13825168a3825675f25b18e32c52792602c8715895e204ddd5686bdd69a09e47
Secunia Security Advisory 50432
Posted Aug 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for libgdata. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, ubuntu
SHA-256 | 1a1587258c7647774a0fb54acfc08e82810406e76fa1a452dae41c42985155eb
Secunia Security Advisory 50436
Posted Aug 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct phishing attacks, and compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | b63a1f551a67861ee8ae508d94306fe2f1b051184498da150c1ea24186ccf39a
Secunia Security Advisory 50437
Posted Aug 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | 0233ca4e89f1d124dce0ee10ec07c604bba6346399daddcf115256f273e09d7e
Secunia Security Advisory 50349
Posted Aug 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in op5 Monitor, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site request forgery attacks.

tags | advisory, vulnerability, sql injection, csrf
SHA-256 | 6928f7f24b305bcb57a4ef0c47d4f2bdd2a2fbc039798601ad93185af8805548
Secunia Security Advisory 50308
Posted Aug 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Thunderbird, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | 0a4d844a10cfd1f352896a2efa65a6dba99d9258f0e5537a916317c43da1e234
Secunia Security Advisory 50417
Posted Aug 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Atlassian Bamboo, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 2814041ba8fc9db7912b83beca6dadd7cf24dea41de74cff6cb686a2056a8e6d
Secunia Security Advisory 50415
Posted Aug 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two weaknesses and some vulnerabilities have been reported in Atlassian JIRA, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks, conduct spoofing attacks, and bypass certain security restrictions.

tags | advisory, spoof, vulnerability, xss
SHA-256 | e60dc08ba01e11022bcb5b67df20aa62ee01b2897f073690ddce646028c8fd97
Secunia Security Advisory 50331
Posted Aug 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in SeaMonkey, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and compromise a user's system.

tags | advisory, vulnerability, xss
SHA-256 | 624455266972714285a26f15f0a55cb838bb98c054ad76109a940de78fdeabb6
Page 4 of 38
Back23456Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close