what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 36 of 36 RSS Feed

Files Date: 2012-11-30 to 2012-11-30

Drupal Zero Point 6.x / 7.x Cross Site Scripting
Posted Nov 30, 2012
Authored by samatha | Site drupal.org

Drupal Zero Point third party module versions 6.x and 7.x suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 6347995ee546668a1cb10c9e6dcb8474565196af6e987f78ce2ca60daf7cdbf0
Drupal Webmail Plus 6.x SQL Injection
Posted Nov 30, 2012
Authored by Fox | Site drupal.org

Drupal Webmail Plus third party module version 6.x suffers from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
SHA-256 | 6fa3935c9e1b5fd40c0dc10a06f1425b572bff4c3acc8054a6de33b5695f47a8
Symantec Messaging Gateway Backdoor / Privilege Escalation
Posted Nov 30, 2012
Authored by Ben Williams | Site nccgroup.com

Symantec Messaging Gateway version 9.5.3-3 suffers from backdoor account and privilege escalation vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2007-4573, CVE-2008-0009, CVE-2008-4210, CVE-2009-1046, CVE-2009-1337, CVE-2009-2692, CVE-2009-3547, CVE-2010-1146, CVE-2010-2959, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-3904, CVE-2010-4073, CVE-2010-4258, CVE-2010-4347
SHA-256 | 0037358302ea3ef9e579ea39b29f6aeedaab8ea3fd730436e1fe43363d09f8dc
Nmap Port Scanner 6.25
Posted Nov 30, 2012
Authored by Fyodor | Site insecure.org

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.

Changes: Contains hundreds of improvements, including 85 new NSE scripts, nearly 1,000 new OS and service detection fingerprints, performance enhancements such as the new kqueue and poll I/O engines, better IPv6 traceroute support, Windows 8 improvements, and much more!
tags | tool, remote, udp, tcp, protocol, nmap
systems | linux, unix
SHA-256 | 42c54fd5cc5f05e5df909757d62307102a8ff1dfaf5c2626b1cb5f2ecd009e57
SilverStripe CMS 3.0.2 Cross Site Request Forgery / Cross Site Scripting
Posted Nov 30, 2012
Authored by Nathaniel Carew | Site senseofsecurity.com.au

SilverStripe version 3.0.2 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 5cb762b339a330f6095d9df36320aed93b37bcf830588eaba27f260b27da40fb
Oracle OpenSSO 8.0 Cross Site Scripting
Posted Nov 30, 2012
Authored by LiquidWorm | Site zeroscience.mk

Oracle OpenSSO version 8.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 8c808e048c19a6a159ab6b29c16212a38f35d663f13ecf875b211ee928233412
PDFResurrect PDF Analyzer 0.12
Posted Nov 30, 2012
Authored by enferex | Site 757labs.com

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.

Changes: This is a bugfix release. The main fix regards how the tool was locating the EOF token which the PDF writers place at the end of different versions of PDFs. Previously, if an EOF token was split across a 256-byte boundary, then Mr. Resurrect would not have found it. The new algorithm might be a tad slower, but is more precise.
tags | tool, forensics
systems | unix
SHA-256 | f2967d1fbabc24c6a50c5981c738c7daab7cd761261e64421322bd6010638d47
Ubuntu Security Notice USN-1642-1
Posted Nov 30, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1642-1 - Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. This issue only affected Ubuntu 10.04 LTS. It was discovered that Lynx did not properly verify that an HTTPS certificate was signed by a trusted certificate authority. This could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. This update changes the behavior of Lynx such that self-signed certificates no longer validate. Users requiring the previous behavior can use the 'FORCE_SSL_PROMPT' option in lynx.cfg. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-2810, CVE-2012-5821, CVE-2010-2810, CVE-2012-5821
SHA-256 | b98e04aa75eae4a1918f485d23f130b118754361f7105d77894ebac142879154
Red Hat Security Advisory 2012-1512-01
Posted Nov 30, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1512-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2012-5134
SHA-256 | 6f7db09dd21f23e1bf77fc46e0f5d364af0871fe611443be9a977f18023d9919
Red Hat Security Advisory 2012-1511-01
Posted Nov 30, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1511-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, the Extended Update Support for Red Hat Enterprise Linux 6.1 will end on 31st May, 2013.

tags | advisory
systems | linux, redhat
SHA-256 | 9605d9da818d0a15e363b5aac249a85541b3999fc84cf8c6acf32264f66b46bd
WordPress Video Lead Form 0.5 Cross Site Scripting
Posted Nov 30, 2012
Authored by Aditya Balapure

WordPress Video Lead Form plugin version 0.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-6312
SHA-256 | 6399d89e41c6f18b870131becc911b8866326d09c8fdc61c3e45091324d5ae69
Page 2 of 2

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By