exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 34 of 34 RSS Feed

Files Date: 2012-11-08 to 2012-11-09

Cisco Security Advisory 20121107-acs
Posted Nov 8, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Secure Access Control System (ACS) contains a vulnerability that could allow an unauthenticated, remote attacker to bypass TACACS+ based authentication service offered by the affected product. The vulnerability is due to improper validation of the user-supplied password when TACACS+ is the authentication protocol and Cisco Secure ACS is configured with a Lightweight Directory Access Protocol (LDAP) external identity store. An attacker may exploit this vulnerability by sending a special sequence of characters when prompted for the user password. The attacker would need to know a valid username stored in the LDAP external identity store to exploit this vulnerability, and the exploitation is limited to impersonate only that user. An exploit could allow the attacker to successfully authenticate to any system using TACACS+ in combination with an affected Cisco Secure ACS. Cisco has released free software updates that address this vulnerability. There are no workarounds for this vulnerability.

tags | advisory, remote, protocol
systems | cisco
SHA-256 | 6b37d5f0fcb0a7ad665204627872dfe1cc01d178190b5abefa4d0e4c5dc0f7b2
Cisco Security Advisory 20121107-n1k
Posted Nov 8, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Product Security Incident Response Team (PSIRT) would like to notify customers of an issue that may impact their network security posture when upgrading the Cisco Nexus 1000V Series Switches to Software Release 4.2(1)SV1(5.2) with deployments that have Cisco Virtual Security Gateway (VSG) integration. This issue will manifest itself when administrators perform an in-service software upgrade to Software Release 4.2(1)SV1(5.2) from Software Release 4.2(1)SV1(5.1a) or earlier. After the software upgrade, a bug in Software Release 4.2(1)SV1(5.2) could cause all the virtual Ethernet ports on the Virtual Ethernet Modules (VEM) of the Cisco Nexus 1000V Series Switch to stay in No-Policy pass-through mode because a valid VSG license is not actively installed. As a result, the VEMs no longer use a configured Cisco VSG; therefore, the virtual machines (VM) are not firewalled and traffic is not inspected by the VSG.

tags | advisory
systems | cisco
SHA-256 | e173bf86ec7f8fa6a6b464720bcc4ee2a42d6116b5425370d71bcba2ab7c0932
CMS Made Simple 1.11.2 Cross Site Request Forgery
Posted Nov 8, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

CMS Made Simple version 1.11.2 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2012-5450
SHA-256 | 56b7ba7d70e2826a7429d5920fa59759fa5a8af3573cf4be2e6001b5dd4f93f6
WordPress Cardoza Ajax Search 1.1 SQL Injection
Posted Nov 8, 2012
Authored by Marcela Benetrix

WordPress Cardoza Ajax Search plugin version 1.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6d06edc690468130eea58db8d0ab4a2dea23f89736468d08ea1c22e5d776891b
Invision Power Board 3.3.4 Unserialize REGEX Bypass
Posted Nov 8, 2012
Authored by webDEViL

Invision Power Board versions 3.3.4 and below unserialize REGEX bypass exploit.

tags | exploit, bypass
SHA-256 | ad210687f42887baff2de52193e65980c72d969f3690120bb695a84ed8356c42
Red Hat Security Advisory 2012-1434-01
Posted Nov 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1434-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a malicious web page could cause a web browser using the IcedTea-Web plug-in to crash or, possibly, execute arbitrary code.

tags | advisory, java, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-4540
SHA-256 | e12c1a7ac098b253d5904f7b8d1a5e58645a2d4e038151635e4b4d092c2364e7
Ubuntu Security Notice USN-1625-1
Posted Nov 8, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1625-1 - Arthur Gerkis discovered a buffer overflow in the Icedtea-Web plugin. If a user were tricked into opening a malicious website, an attacker could cause the plugin to crash or possibly execute arbitrary code as the user invoking the program.

tags | advisory, web, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4540
SHA-256 | a92fca9c17ea5986598988a1bba2a4d8928f0d51cde5e65dffe0984b58c4a3d2
Red Hat Security Advisory 2012-1431-01
Posted Nov 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1431-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes several vulnerabilities in Adobe Flash Player. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5278, CVE-2012-5279, CVE-2012-5280
SHA-256 | 74298bcda64541105929f42feb938eef94253e1da00fe43d7bf9c10b934de15d
Xivo 1.2 Arbitrary File Download
Posted Nov 8, 2012
Authored by Mr.Un1k0d3r

Xivo version 1.2 suffers from an arbitrary file download vulnerability that has root level privileges.

tags | exploit, arbitrary, root, info disclosure
SHA-256 | 90bc356292d4e2c8b7ec5bea519259471c2c2b2e02033c5c7c17b56a1dfa0893
Page 2 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close