OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
2951ebc2a3e9a03333618ceda7fe2c00e16f880255d3d4f48068cd8164715944Buffalo TeraStation TS-Series with firmware versions 1.5.7 and below suffer from file disclosure and command injection vulnerabilities.
a1a174bf53968f44a8d76eb7f7bf2481d5306ead2f09c68a726696b25e20edf1D-Link DCS Cameras suffer from authentication bypass and remote command execution vulnerabilities due to a remote information disclosure of the configuration.
c1329b50cb25791144375301f318deb9c2bb5c9ab4b24f003828a94666df0172Apple Security Advisory 2013-01-28-2 - Apple TV 5.2 is now available and addresses multiple security vulnerabilities.
42bab3685b63ecaaa1a338a87d718948262788e299652246eee46d5030ba1a1eApple Security Advisory 2013-01-28-1 - iOS 6.1 Software Update is now available and addresses multiple security vulnerabilities.
2dc7367b3d4bb04f6b00e22c62f360fcdc9286ad438bff55476607b328ce0475Cisco Security Advisory - The Portable Software Developer Kit (SDK) for Universal Plug-n-Play (UPnP) devices contain a libupnp library, originally known as the Intel SDK for UPnP Devices, which is vulnerable to multiple stack-based buffer overflows when handling malicious Simple Service Discovery Protocol (SSDP) requests.
8c9ec518f9576f7d3ec9cf9045faff6035b5098412a401f43bfbeeb4c0a728b0360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
f2f13eb92aabdf5dc35dc7bc6bf3c0871c6c250dddadca85516f3dcb5686d4daUbuntu Security Notice 1708-1 - Wenlong Huang discovered that libvirt incorrectly handled certain RPC calls. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Tingting Zheng discovered that libvirt incorrectly handled cleanup under certain error conditions. A remote attacker could exploit this and cause libvirt to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
382adae9f81677b0019c102b19cb2666bfdc504fe302ed2e7caa413ac0620235Red Hat Security Advisory 2013-0203-01 - Ruby on Rails is a model–view–controller framework for web application development. Active Support provides support and utility classes used by the Ruby on Rails framework. A flaw was found in the way Active Support performed the parsing of JSON requests by translating them to YAML. A remote attacker could use this flaw to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created JSON request.
43034685c3bfb65bd941bf354202fb7dea7eb46bb501ac09245ba42666e4f087Ubuntu Security Notice 1710-1 - Dan Prince discovered an issue in Glance error reporting. An authenticated attacker could exploit this to expose the Glance operator's Swift credentials for a misconfigured or otherwise unusable Swift endpoint.
a8a09ccaeac158a8d29c02bde4efb94e0ca13120c3c4459c94dc77cda6d548adUbuntu Security Notice 1709-1 - Phil Day discovered that nova-volume did not validate access to volumes. An authenticated attacker could exploit this to bypass intended access controls and boot from arbitrary volumes.
5177923a98c6ac3d386d478932348341849cee8513897b5d2a3b5446af35bc08DACS is a light-weight single sign-on and role-based access control system providing flexible, modular authentication methods and powerful, transparent rule-based authorization checking for Web services, CGI programs, or virtually any program.
476c0bcb54920e49b43f398e6fecd02c9109784718c8b1415b4c1c7c75561c71A buffer overflow vulnerability exists in EMC AlphaStor that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code. EMC AlphaStor version 4.0 prior to build 814 is affected.
c72b06bd5f6d41e9b7fe14bee9a1a610ea2db6a5ca209ce7002b36f8b6c212ecThis is an encoding tool for 32-bit x86 shellcode that assists a researcher when dealing with character filter or byte restrictions in a buffer overflow vulnerability or some kind of IDS/IPS/AV blocking your code.
24cbd02dad424b5fd7d67f805453ad43602a5c6137991b63c1de00f94e0d7407Elgg versions 1.8.12 and 1.7.16 suffer from a cross site scripting vulnerability in the Twitter Widget module.
0320007144203c2cbfa4115016d3b9111ca9e9c639ff2e1bf920708cb685b296DataLife Engine version 9.7 suffers from a PHP code injection vulnerability in preview.php.
f9fca371c6cc4a2c4cbce0576e95fe335c2ff36d4ec6b96f3b9230f8bf8b8d3aPFsense UTM Platform version 2.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
45926ded3475024d0aef4360545bac2b39e3270b21031d2fb34960a446010ee1Apple QuickTime Player Windows version 7.7.3 suffers from an out of bounds read vulnerability.
3d60aec0fbab876dd922d47e86103c69e20f4e9c1f873e349d83a0f172ffc979This Metasploit module exploits a remote code execution vulnerability in the JSON request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the application. This vulnerability is very similar to CVE-2013-0156. This Metasploit module has been tested successfully on RoR 3.0.9, 3.0.19, and 2.3.15. The technique used by this module requires the target to be running a fairly recent version of Ruby 1.9 (since 2011 or so). Applications using Ruby 1.8 may still be exploitable using the init_with() method, but this has not been demonstrated.
769b2cec718b2f5c0376d0da94e63d98f26719caaa5c210d5a2be3bf33552211Adobe Reader XI versions 11.x suffers from a heap overflow vulnerability.
e93727de120b805345d02968f070046cb2ce10e3faee74ce008a6633a0fdb4d2Secunia Security Advisory - A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to compromise a vulnerable system.
f8f2fda08519a9751c5bdec67f2f996af84c0564cbc21d2d177e11974a90327fSecunia Security Advisory - Ubuntu has issued an update for libav. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to compromise an application using the library.
bf31505f8243f243eee6339db3047943e840bf3ecaa78659562ff9632e30bcb3Secunia Security Advisory - Apple has acknowledged a vulnerability in Apple TV, which can be exploited by malicious people to compromise a user's device.
9840930a77fca2f4cd3842453968b09047974315d55c6d17541a095360789604Secunia Security Advisory - Two security issues and multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's device.
31ff497d4f3b7b0479c3de4b8ce864679f6211c4c83c81478d03d0e11e141736Secunia Security Advisory - Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to compromise an application using the library.
076b706834305678cddbf7a406c81d6a5f943cea3b01ae77f6b08edc8aea4bf3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed