what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 101 - 125 of 756 RSS Feed

Files Date: 2012-10-01 to 2012-10-31

Drupal MailChimp 7.x Cross Site Scripting
Posted Oct 25, 2012
Authored by Klaus Purer | Site drupal.org

Drupal MailChimp third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | f3f278c3015df5f15e0cb152e82650a5ee9497958bd4a900e7edc2e66be4dfda
WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite
Posted Oct 25, 2012
Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 8eac246e079c2e20610ea5b3fb4b19023d217d4774055a243a7bbe5f34191b0c
WAF-FLE ModSecurity Console 0.6.0rc1
Posted Oct 25, 2012
Authored by Klaubert Herr | Site waf-fle.org

WAF-FLE is a console for ModSecurity. It allows modsec administrators to view and search events logged by mlogc or mlog2waffle. The dashboard shows a graphical view of events, and when combined with the powerful drill-down filter allows quick searching for relevant events. Events can be viewed in detail, whether sent by one or many sensors.

Changes: This is a major release, with many new features, improvements, and bugfixes. You can now use filters in the dashboard. All charts and tables are clickable for drilling down into data. Compression of full events was implemented, saving around 60% of space. A setup script helps with dependency checking and database creation/migration. mlog2waffle was included - a daemon that works as a replacement to mlogc.
tags | tool
systems | unix
SHA-256 | 122813253c79cd040ff61afd735813c66e290c911fabf78025fc7d9446b1ab7d
Oracle Java Font Processing Glyph Element Memory Corruption
Posted Oct 25, 2012
Authored by Matthieu Bonetti, VUPEN | Site vupen.com

The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE / JDK 7u7 and below are affected. The vulnerability is caused by a memory corruption error within the "t2k.dll" component when processing certain glyph elements within a Font file, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.

tags | advisory, java, remote, web
SHA-256 | 66dc6819b2fe3e487c6074ac50782425eb1e8e4d69820a4cb144ef9adcd00ea1
HP Security Bulletin HPSBUX02824 SSRT100970
Posted Oct 25, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02824 SSRT100970 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote execution of arbitrary code and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, arbitrary, vulnerability
systems | hpux
advisories | CVE-2012-0574, CVE-2012-1682, CVE-2012-3136, CVE-2012-4681
SHA-256 | 78f272422d048e4e353a3f120e9e9677eea2dbf0861182ca760963e7f7893d0e
Wysiwyg Imagelibrary Traversal
Posted Oct 25, 2012
Authored by Geek

The Wysiwyg Imagelibrary add-on suffers from a directory traversal vulnerability in select_image.php.

tags | exploit, php, file inclusion
SHA-256 | f95d8cfa9bbf990cef1d2f8027dcd10b67902dbbb539bb26ac86b28d980af3a3
Drupal Time Spent 6.x / 7.x XSS / CSRF / SQL Injection
Posted Oct 25, 2012
Authored by Greg Knaddison, Dylan Riordan | Site drupal.org

Drupal Time Spent third party module versions 6.x and 7.x suffer from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection, csrf
SHA-256 | 2df973f2a15a6e618c72e67e0bd048acde9269ee5bdef3678b3179a29ed6aeb6
Oracle Java Font Processing "maxPointCount" Heap Overflow
Posted Oct 25, 2012
Authored by VUPEN, Florent Hochwelker | Site vupen.com

The VUPEN Vulnerability Research Team has discovered a critical vulnerability in Oracle Java. Versions JRE/JDK 7u7 and below are affected. The vulnerability is caused by a heap overflow error within the "t2k.dll" component when processing a malformed "maxPointCount" field within a Font, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.

tags | advisory, java, remote, web, overflow
SHA-256 | d9af8230d41a685d5e7bb40755a541e997054f9dc783a564ea76685d82b0f2cd
Inout Article Base Ultimate SQL Injection / CSRF
Posted Oct 25, 2012
Authored by Akastep

Inout Article Base Ultimate versions prior to 2 suffer from cross site request forgery and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
SHA-256 | 831d1c4d5bb5f52d532ddd88097b54985d05095d7c28b49e19626e680e99fa2a
ClanSphere 2011.3 Local File Inclusion / Remote Code Execution
Posted Oct 25, 2012
Authored by blkhtc0rp

ClanSphere version 2011.3 suffers from a local file inclusion vulnerability in the cs_lang cookie parameter. This advisory has two exploits included and one of them uses /proc/self/environ to launch a connect-back shell.

tags | exploit, shell, local, file inclusion
SHA-256 | 50280bcb8c3b2e6ce87a096338f3c12375645758f8f387468802187432e5f378
Ubuntu Security Notice USN-1616-1
Posted Oct 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1616-1 - It was discovered that Python would prepend an empty string to sys.path under certain circumstances. A local attacker with write access to the current working directory could exploit this to execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. It was discovered that the audioop module did not correctly perform input validation. If a user or automated system were tricked into opening a crafted audio file, an attacker could cause a denial of service via application crash. These issues only affected Ubuntu 10.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2008-5983, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150, CVE-2012-2135, CVE-2008-5983, CVE-2010-1634, CVE-2010-2089, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150, CVE-2012-2135
SHA-256 | 1931d6208c03b7c6be3e7c9a1e3f736d6f4ffc3c455852a5625822b4d83fefbe
Secunia Security Advisory 50910
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have discovered in the Poll plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 455fccc89e3040b1c235441dbde5aa98a6de2b96e00f7a2a02d6f90e8a35a4f2
Secunia Security Advisory 50829
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Janek Vind has discovered multiple vulnerabilities in phpMyBitTorrent, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose sensitive information and conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 53fa64da5dd0648e308ea955ab652574925e5f3e36273aaf934d88bd94d27f9f
Secunia Security Advisory 50928
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in ManageEngine SupportCenter Plus, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 2a3b28993512806dc4f54fb2381ba2b7940312a3421e945e36442567a24e7a75
Secunia Security Advisory 51091
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in bitweaver, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | cb57afab30e60d42d505ad49991abdd79dd346a49e0ab029f4c557f07d141ae3
Secunia Security Advisory 51095
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and some vulnerabilities have been reported in Liferay Portal, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions and by malicious people to bypass certain security restrictions.

tags | advisory, vulnerability
SHA-256 | 2e22d562ee582ca39eed1bfd2791c7ab77388599ea15ccd64e29cdc14f131cf2
Secunia Security Advisory 51078
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged a vulnerability in BIND included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | solaris
SHA-256 | 377fcec8ccb5d3afaa3b2a0c5da9fff73b7a783db9ac69d7f3074cd1a64e4adc
Secunia Security Advisory 51096
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for BIND in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | hpux
SHA-256 | 159b13700d34bdb42ac319914b7e934f3c797e944822925df7e008353bd35ca8
Secunia Security Advisory 51083
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in JetPort 5600, which can be exploited by malicious people to compromise a vulnerable device.

tags | advisory
SHA-256 | f103fc42db133ea79bf8f583dc73e7319850dc5b14089aff2f8bbfa9a6349c4d
Secunia Security Advisory 51106
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged a vulnerability in BIND included in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | aix
SHA-256 | e739c6087ff7bd355356f7ecb8ff5482ff666da21bb9d06e620395b43f01a92d
Secunia Security Advisory 51090
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 3a2ce50669fae76c79e644591426a5eea70a31fd36df3f92e57905356c364a48
Secunia Security Advisory 51072
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for viewvc. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.

tags | advisory
systems | linux, debian
SHA-256 | 55d25a13383746e17fe304c76788e4ce5685a2fdbdaaa92a82b23baa35b8d04f
Secunia Security Advisory 50834
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Charlie Eriksen has discovered a vulnerability in the Cimy User Manager plugin for WordPress, which can be exploited by malicious people to disclose certain sensitive information.

tags | advisory
SHA-256 | 5920b46e6a37f8f0c0856c6f3c280ac5e1e46d6e773ac0474f6db20c98a90af1
Secunia Security Advisory 50970
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for iceweasel. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | 99ce0e0a5ba0821fe4b933cdb75a1074ff77bd5a53ac6150297730c1f1d47d51
Secunia Security Advisory 51074
Posted Oct 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for tinyproxy. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, debian
SHA-256 | 8b80323beff76c6de456719b84dab7f0b0dd493408892a9df5a8cdf2c2b19fb9
Page 5 of 31
Back34567Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close