Files Date: 2012-11-01 to 2012-11-30

Secunia Security Advisory 51398
Posted Nov 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and two vulnerabilities have been discovered in Greenstone, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

tags | advisory, vulnerability, xss
MD5 | 2fd2caefe39b6c16d9bf24b2228cf846
Secunia Security Advisory 51368
Posted Nov 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in phpCAS, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
MD5 | 446c7331151925de79e7b04d71f92993
Forescout NAC 6.3.4.1 XSS / Redirection / Filter
Posted Nov 27, 2012
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Forescout NAC (Network Access Control) version 6.3.4.1 suffers from ICMP and ARP protocols not being filtered, cross site scripting, and cross site redirection vulnerabilities.

tags | exploit, vulnerability, protocol, xss
advisories | CVE-2012-4985, CVE-2012-4982, CVE-2012-4983
MD5 | 5e12789fcc5d643bf5df306f1d2fc3cc
BugTracker.Net 3.5.8 XSS / SQL Injection / File Disclosure
Posted Nov 27, 2012
Authored by DefenseCode

BugTracker.Net versions 3.5.8 and below suffer from cross site scripting, file disclosure, and remote SQL injection vulnerabilities.

tags | advisory, remote, vulnerability, xss, sql injection
MD5 | 545e0cf163cc4472452f124381443c37
RSA Adaptive Authentication (On-Premise) 6.x XSS
Posted Nov 27, 2012
Site emc.com

RSA Adaptive Authentication (On-Premise) version 6.x contains cross site scripting vulnerabilities that could be exploited by malicious users.

tags | advisory, vulnerability, xss
advisories | CVE-2012-4611
MD5 | 9dfa20a58ae371312d4a3a31f10639e0
Skype Community Username Cross Site Scripting
Posted Nov 27, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

A filter and mail encoding vulnerability in the Skype Community website application allows for cross site scripting due to a lack of sanitization in the username parameter.

tags | exploit, xss
MD5 | c129f56ddc2cc1a9758a21e9abb2f7ac
Skype Community Body / Title Cross Site Scripting
Posted Nov 27, 2012
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

A filter and mail encoding vulnerability in the Skype Community website application allows for cross site scripting due to a lack of sanitization in the message and body parameters.

tags | exploit, xss
MD5 | dbdb6e65dff5eb51aef536422ff8990f
SoftHSM 1.3.4
Posted Nov 27, 2012
Authored by Rickard Bellgrim | Site wiki.opendnssec.org

SoftHSM is an implementation of a cryptographic store accessible through a PKCS#11 interface. You can use it to explore PKCS#11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.

Changes: Supports an RSASSA-PSS signature scheme. The default location of the token database is now $localstatedir/lib/softhsm/.
tags | library
systems | unix
MD5 | e28ef8312654326a84aac4630e93dd88
Ubuntu Security Notice USN-1640-1
Posted Nov 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1640-1 - Xi Wang and Florian Weimer discovered that libssh incorrectly handled memory. A remote attacker could use this to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-4559, CVE-2012-4560, CVE-2012-4561, CVE-2012-4562
MD5 | 3a7f6d5acc0e680f06e55adfafdf5f04
Seringa SQL Injection Framework
Posted Nov 26, 2012
Authored by Paraschiv Andrei | Site github.com

Seringa (Romanian for syringe) is an SQL injection framework featuring high customizability and a user-friendly interface. It is completely open source. It uses the .NET 4.0 framework and Windows Presentation Foundation (WPF) for the GUI. In terms of design, it uses the Strategy Pattern to distinguish between various SQLi strategies, while storing other relevant data such as exploits, payloads and patterns in XML files so that the framework can be easily customized from the outside (a manifestation of the Open-Closed Principle).

tags | tool, scanner, sql injection
systems | windows, unix
MD5 | 545e020fb9d276b26308266239c010c0
Apple QuickTime 7.7.2 TeXML Style Element font-table Field Stack Buffer Overflow
Posted Nov 26, 2012
Authored by juan vazquez, Arezou Hosseinzad-Amirkhizi | Site metasploit.com

This Metasploit module exploits a vulnerability found in Apple QuickTime. When handling a TeXML file, it is possible to trigger a stack-based buffer overflow and then gain arbitrary code execution under the context of the user. This is due to the QuickTime3GPP.gtx component not handling certain Style subfields properly, such as the font-table field, which is used to trigger the overflow in this module. Because of QuickTime restrictions when handling font-table fields, only 0x31-0x39 bytes can be used to overflow, so at the moment DEP/ASLR bypass hasn't been provided. The module has been tested successfully on IE6 and IE7 browsers (Windows XP and Vista).

tags | exploit, overflow, arbitrary, code execution
systems | windows, apple, xp
advisories | CVE-2012-3752, OSVDB-87087
MD5 | 31e34bb93d9758dc9d8c0543503fe151
EMC Smarts Network Configuration Manager Bypass
Posted Nov 26, 2012
Site emc.com

EMC Smarts Network Configuration Manager versions prior to 9.1 suffer from hard-coded encryption key and unauthenticated database connection vulnerabilities.

tags | advisory, vulnerability
advisories | CVE-2012-4615
MD5 | af1580456117dc2868993ff8faf3eb0a
Mozilla Firefox "DocumentViewerImpl" Class Remote Use-After-Free
Posted Nov 26, 2012
Authored by VUPEN, Jordan Gruskovnjak | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the "DocumentViewerImpl::Show()" function, which could allow remote attackers to execute arbitrary code via a specially crafted web page.

tags | advisory, remote, web, arbitrary
MD5 | 2f17c9dabd5b77d3d92376f7ab61831b
mcrypt 2.5.8 Stack Based Overflow
Posted Nov 26, 2012
Authored by Tosh

Stack-based overflow exploit for mcrypt versions 2.5.8 and below. Bypasses NX and ASLR protections.

tags | exploit, overflow
advisories | CVE-2012-4409
MD5 | c5923efd56756d5d1cd48e57007e6700
SmartCMS SQL Injection
Posted Nov 26, 2012
Authored by NoGe

SmartCMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 3166182b2973659a248fc89fc9dd8fc3
PRADO PHP Framework 3.2.0 File Read
Posted Nov 26, 2012
Authored by LiquidWorm | Site zeroscience.mk

PRADO PHP Framework version 3.2.0 suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary, php
MD5 | 5a1eedb2798fcc3247cdf0097f466eab
GNU Transport Layer Security Library 3.1.5
Posted Nov 26, 2012
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This release adds support for UCS-2 encoded DNs, improvements to smart card key generation, and a few bugfixes.
tags | protocol, library
MD5 | cd4e5a5382b0e0c76c6cffe30d48bbb6
CVE Checker 3.2
Posted Nov 26, 2012
Authored by Sven Vermeulen | Site cvechecker.sourceforge.net

cvechecker reports possible vulnerabilities on your system by scanning the installed software and matching the results with the CVE database. This is not a bullet-proof method and you will most likely have many false positives, but it is still better than nothing, especially if you are running a distribution with little security coverage.

Changes: Reports CVSS scoring when a CVE is potentially applicable to the system. Also fixes some buffer handling code and adds in checks for missing runtime dependencies in the scripts.
tags | tool, vulnerability
systems | unix
MD5 | 6365bfd08d588e7dd3e0e0aa968a16ee
Incomedia WebSite X5 Evolution 9.0.4.1748 XSS / Bypass
Posted Nov 26, 2012
Authored by Akastep

Incomedia WebSite X5 Evolution versions 9.0.4.1748 and below suffer from bypass and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | d8dc0df822539dfc361158e407a42275
WordPress Oberliga SQL Injection
Posted Nov 26, 2012
Authored by Ashiyane Digital Security Team, sil3nt

WordPress Oberliga Theme suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a349c8393ee82075ee230c57dbbe096f
PHP-Nuke 8.2 SQL Injection
Posted Nov 26, 2012
Authored by Ashiyane Digital Security Team

PHP-Nuke version 8.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 0bb338200c03a534877b7225a3f6e353
Secunia Security Advisory 51374
Posted Nov 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for icedtea-web. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory, web
systems | linux, suse
MD5 | ca2fd2e26187e36cd432e53cc13ac384
Secunia Security Advisory 51329
Posted Nov 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Tor, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
MD5 | 42252c687f15a23db0f43611be00392f
Secunia Security Advisory 51290
Posted Nov 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Vulnerability Lab has reported two vulnerabilities in ManageEngine ServiceDesk Plus, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
MD5 | 238ae2bc29b5d14aa20245934bedc034
Secunia Security Advisory 51354
Posted Nov 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Julien Cayssol has reported a vulnerability in Synology Photo Station, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
MD5 | b5d9da68548db03bdb4f1d9e7cbd0e41