what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2013-01-15 to 2013-01-16

Ubuntu Security Notice USN-1691-1
Posted Jan 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1691-1 - A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-4530
SHA-256 | c12022788231ab722ec0ff37568bbea0399356655e3b6b0008944fa0995e1af1
Ubuntu Security Notice USN-1689-1
Posted Jan 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1689-1 - Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-4461, CVE-2012-4530, CVE-2012-4461, CVE-2012-4530
SHA-256 | 87da7447cdcc58e1c011de3f09aca77987a1561e2e522ee7655b485e4b57846b
Ubuntu Security Notice USN-1688-1
Posted Jan 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1688-1 - Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE feature. On hosts, using qemu userspace, without the XSAVE feature an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-4461, CVE-2012-4530, CVE-2012-4461, CVE-2012-4530
SHA-256 | 9410264f6fc934cc4b6e55a8421ce6e660fa9a5c59cee780c20d92dcd39b6903
Debian Security Advisory 2608-1
Posted Jan 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2608-1 - It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2012-6075
SHA-256 | 885c09b10b563f1d09f7b11e89fe4648ad65477609292a1caa73573351a389f0
Debian Security Advisory 2607-1
Posted Jan 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2607-1 - It was discovered that the e1000 emulation code in QEMU does not enforce frame size limits in the same way as the real hardware does. This could trigger buffer overflows in the guest operating system driver for that network card, assuming that the host system does not discard such frames (which it will by default).

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2012-6075
SHA-256 | cbc6fe2d8705fb44082076cf2f5b84f138b813ca49da1f70ef16a66238fc582d
Red Hat Security Advisory 2013-0164-01
Posted Jan 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0164-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3546
SHA-256 | 2dc31609e5e28a443a06ee639d65c5c49d48575ef3fe138719bad835aaf0e092
Red Hat Security Advisory 2013-0162-01
Posted Jan 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0162-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3546
SHA-256 | 32a92f350129341692adc47a732a174b110148665a30503cd55598fe3319ad5b
Red Hat Security Advisory 2013-0163-01
Posted Jan 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0163-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3546
SHA-256 | 22cfc2f88b06e62ca4bbbbf1021638fd52e89d13588d9d657cc38ac4cac062e0
Snews CMS SQL Injection
Posted Jan 15, 2013
Authored by By onestree

Snews CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5775ab0b553da86a1cc2826df674d737c2e06a94325bab1d79b587b314e563f1
DOMSDAY: Analyzing A DOM-Based XSS In Yahoo!
Posted Jan 15, 2013
Authored by Abysssec, Shahin | Site abysssec.com

This is a whitepaper that discusses a reflective cross site scripting issue in *.adspecs.yahoo.com due to sessvars.js not filtering before performing an eval.

tags | paper, xss
SHA-256 | ec7a8bcfbe030e87367b8b94832c2b64cdd0550ea279469bf63bb2f775015438
phpLiteAdmin 1.8.x / 1.9.x SQL Injection
Posted Jan 15, 2013
Authored by KedAns-Dz

phpLiteAdmin versions 1.8.x and 1.9.x suffer from remote SQL injection and path disclosure vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 0040b2134dfa5935dcd304cb28a4d32278bb7672c063c3ca3bef062b3e1fa1a7
Secunia Security Advisory 51780
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in the Simple Login Log plugin for WordPress, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct script insertion and SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 23150256c1be79eb90325cf6e162910c682ac31b8d774e8b0de1c8fdeb9ac676
Secunia Security Advisory 51826
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for freetype. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory
systems | linux, ubuntu
SHA-256 | e07fe3d61c370597a2508c00cf7fa0a0827c07dd0b2c61dc1b816d24b67e6b24
Secunia Security Advisory 51617
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Inshell Security has discovered a vulnerability in Serva, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | a53c62ff3e003098017a0019e5a2e19600b73fee89a08eab5a04cf20278d3223
Secunia Security Advisory 51873
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for java-1.7.0-oracle. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, java, vulnerability
systems | linux, redhat
SHA-256 | bffade15f67b40ad5b42074a3eabb1d13333a078269a627407a222591c5d601d
Secunia Security Advisory 51841
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for tomcat. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | 8fb7408af57979818d3514803ce34880b6642366a3d8f21bf9cbd8fc76974207
Secunia Security Advisory 51860
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in E.M.M.A., which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, vulnerability
SHA-256 | 47d9c1bb61075444e590766321b74e3d3428fa9ce06ac40d87d9bdd3b8b2ab9e
FreeSSHd 1.2.6 Authentication Bypass
Posted Jan 15, 2013
Site metasploit.com

This Metasploit module exploits a vulnerability found in FreeSSHd versions 1.2.6 and below to bypass authentication. You just need the username (which defaults to root). The exploit has been tested with both password and public key authentication.

tags | exploit, root
advisories | CVE-2012-6066, OSVDB-88006
SHA-256 | 0272e1bc1c0f2058ce2f21fa14e3a0637074e73625db7d48068910d45f94ec8d
Secunia Security Advisory 51633
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Cognos TM1, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | fc0f3061dcb085abd1f11bcab246088e7ba629672d08a16937f608355ad31272
Secunia Security Advisory 51838
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
SHA-256 | 25d993c27dca3b07e3d2e1d6479478b43b58fbb2414949b7f539ac153b900723
Microsoft Security Bulletin Out-Of-Band Summary For January, 2013
Posted Jan 15, 2013
Site microsoft.com

This bulletin summary lists one released out-of-band Microsoft security bulletin for January, 2013.

tags | advisory
SHA-256 | 164b32910c91aaf76a2cf2a7aa765b570c8ea0b5dad172c8f77a42d13ac5dc42
Secunia Security Advisory 51832
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Juniper JunosE, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | juniper
SHA-256 | 08b8b6a0e8065ce1da5d3243663e8f8be801cdcc79193e1ced3e6a3cd4df6369
Secunia Security Advisory 51862
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Condor, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | 6f2776722e6a004b81aeb6f5f6085b59e53674d615d31e60e81ac626e4ae94fd
Secunia Security Advisory 51765
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Apache CouchDB, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information.

tags | advisory, vulnerability, xss
SHA-256 | b0742ff0b7d2c554823ad4c235840cc1943caa4d4014d03c4ab5acd748d17528
Secunia Security Advisory 51840
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Samba, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
SHA-256 | dceb5a4354fb91de550d8c287cd9ad29c7eac6addca8b96bc251c2f4c53c4aa0
Page 1 of 2
Back12Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close