
Files Date: 2013-01-15 to 2013-01-16

Secunia Security Advisory 51803
Posted Jan 15, 2013
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Redis, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
SHA-256 | 6f1ecb454bc96e79dc7fb377ea7b48db9fa534a4d3b39d408ee5b00999344cc1
Bluefog 0.0.3
Posted Jan 15, 2013
Authored by Tom Nardi | Site digifail.com

Bluefog is a tool that can generate an essentially unlimited number of phantom Bluetooth devices. It can be used to test Bluetooth scanning and monitoring systems, make it more difficult for attackers to lock onto your devices, or otherwise complicate the normal operation of Bluetooth devices. Technically, Bluefog can work with just one Bluetooth adapter, but it works much better when you connect multiple adapters. Up to four radios are currently supported simultaneously.

Changes: Many internal fixes and early work on a proper signal handler. Threads should now (probably) shut down cleanly.
tags | tool, wireless
systems | unix
SHA-256 | 9ce4d6f066e5f05c949e431d41a748db7739834dd47dbdb23b4e0b4b652866c7
Nagios 3.x Remote Command Execution
Posted Jan 15, 2013
Authored by Blasty

Nagios version 3.x suffers from a remote command execution vulnerability in history.cgi.

tags | exploit, remote, cgi
advisories | CVE-2012-6096
SHA-256 | e9958b0f049ad1bc4400634ee8177ed434f1a56da56c38cae3879f16f2a207c8
Ubuntu Security Notice USN-1687-2
Posted Jan 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1687-2 - USN-1687-1 fixed a vulnerability in NSS. This update provides the NSPR needed to use the new NSS. Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-0743
SHA-256 | 83cecb914e0d84557ebb4ebd287e67e2410142d4bda1a45acb0c83ad55cb99da
Ubuntu Security Notice USN-1687-1
Posted Jan 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1687-1 - Two intermediate CA certificates were mis-issued by the TURKTRUST certificate authority. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-0743
SHA-256 | 2c880fd754a63df7f4e2ab3b0fb2a8d3137ab98e86a46fe7a2f65b59f9d403e7
Red Hat Security Advisory 2013-0156-01
Posted Jan 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0156-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2012-3174, CVE-2013-0422
SHA-256 | 5eade1c35ed76fb2cc4da345cf65326653ace89d25da3b321d2b14ca340f1694
Red Hat Security Advisory 2013-0158-01
Posted Jan 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0158-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3546
SHA-256 | 9e75af8306c055924f661c09f7e7afbc4f80aec7bda581f0ab31097873d39aa6
Red Hat Security Advisory 2013-0157-01
Posted Jan 15, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0157-01 - Apache Tomcat is a servlet container. It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal() before the call to FormAuthenticator#authenticate(), it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of a URL. A remote attacker with an authenticated session on an affected application could use this flaw to circumvent authorization controls, and thereby access resources not permitted by the roles associated with their authenticated session.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3546
SHA-256 | 374121d1081da7d8e7b4e631810b2e0ecea0d40a4f9cb3393082044e3adc3d5e
Ubuntu Security Notice USN-1686-1
Posted Jan 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1686-1 - Mateusz Jurczyk discovered that FreeType did not correctly handle certain malformed BDF font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-5668, CVE-2012-5669, CVE-2012-5670
SHA-256 | ff5afcec1caee64a1033d68cfc54664d11d85faa8910e69caf5983e3553d6e29
Debian Security Advisory 2605-1
Posted Jan 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2605-1 - Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit, that allow remote attackers to perform denial of service attacks.

tags | advisory, remote, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2012-5976, CVE-2012-5977
SHA-256 | e42362badf3265d9356fcd4cdf050c88510bf7b13ca8d4defe28d4c52af1d6cc
Debian Security Advisory 2606-1
Posted Jan 15, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2606-1 - It has been discovered that in ProFTPd, an FTP server, an attacker on the same physical host as the server may be able to perform a symlink attack that allows privilege escalation in some configurations.

tags | advisory
systems | linux, debian
advisories | CVE-2012-6095
SHA-256 | cf7a671eb3e7dbcb0020cf0bfc6098c3caeff7fdafc94366210749a4692aab2d
Ubuntu Security Notice USN-1685-1
Posted Jan 15, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1685-1 - It was discovered that Tomcat incorrectly performed certain security constraint checks in the FORM authenticator. A remote attacker could possibly use this flaw with a specially-crafted URI to bypass security constraint checks. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10 and Ubuntu 12.04 LTS. It was discovered that Tomcat incorrectly handled requests that lack a session identifier. A remote attacker could possibly use this flaw to bypass the cross-site request forgery protection. Various other issues were also addressed.

tags | advisory, remote, csrf
systems | linux, ubuntu
advisories | CVE-2012-3546, CVE-2012-4431, CVE-2012-4534
SHA-256 | 79532f6936e805b7d5c26f245986b7203950b4251272d82f8429b94f4668b18e
Security Notice For CA ARCserve Backup
Posted Jan 15, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to multiple risks with certain CA ARCserve Backup RPC services. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. The first vulnerability occurs due to a flaw in how RPC requests are processed. An attacker can potentially execute arbitrary code or cause a denial of service on server installations. The second vulnerability occurs due to insufficient validation of certain RPC requests, and exploitation can result in a service crash. This vulnerability affects both server and agent installations. This advisory is an updated version of the originally released CA20121018-01.

tags | advisory, remote, denial of service, arbitrary, vulnerability
advisories | CVE-2012-2971, CVE-2012-2972
SHA-256 | be3d581b61c9b5924795c648c3df4db5b11cf040219259da002acc2321c797fa
ProActive CMS XSS / CSRF / Open Redirect
Posted Jan 15, 2013
Authored by Rafay Baloch

ProActive CMS suffers from cross site request forgery, cross site scripting, and open redirect vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 568536e08fe1d3043e92533be68c6b3916ff57e51f21738f12f3c95a131c5879
Calendar Scripts A.M.Y 1.4 Cross Site Scripting
Posted Jan 15, 2013
Authored by Viknesvaran Sittaramane

Calendar Scripts A.M.Y. Ad Management software version 1.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dbe429afd6de011f44886c21fe1edb326a4cba20b589175b2428e96134dedff6
© 2022 Packet Storm. All rights reserved.
