Showing 51 - 75 of 610

Files Date: 2013-02-01 to 2013-02-28

Photodex ProShow Producer 5.0.3297 Insecure Library Load
Posted Feb 23, 2013
Authored by Julien Ahrens | Site security.inshell.net

Photodex ProShow Producer version 5.0.3297 suffers from an insecure library loading vulnerability. Proof of concept code included.

tags | exploit, proof of concept
MD5 | a9b997d7704ea4fb456c4216d6358c78
IPMap 2.5 Shell Upload
Posted Feb 23, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

IPMap version 2.5 suffers from remote shell upload vulnerabilities.

tags | exploit, remote, shell, vulnerability
MD5 | b2d1a0959b972356bb9f762e1fcdadb2
Kayako Fusion 4.51.1891 Cross Site Scripting
Posted Feb 23, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Kayako Fusion version 4.51.1891 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 244e668351a0592667f70c4db912b66d
SAP SMD Agent Code Injection
Posted Feb 23, 2013
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - Abuse of the SAP SMD agent unauthenticated interface will allow a remote attacker to install an arbitrary application and achieve a full compromise of the SMD agent and the SAP instances installed on the server.

tags | advisory, remote, arbitrary
MD5 | a3fa3c4d188ac361aa0806342d3c9692
SAP CCMS Agent Code Injection
Posted Feb 23, 2013
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - The SAP CCMS agent is built as an RFC external server, exposing several RFC functions. One of these functions allows a remote unauthenticated user to execute arbitrary commands which are executed with SIDADM privileges (the highest possible in the SAP world).

tags | advisory, remote, arbitrary
MD5 | b8f6cf76d0d5344548c14afdf4f4e944
Oracle Enterprise Manager Resource Manager SQL Injection
Posted Feb 23, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/instance/rsrcpln in Oracle Enterprise Manager Resource Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0358
MD5 | e1e329133ead91ef0a98b9b983c4c877
Oracle Enterprise Manager advReplicationAdmin Cross Site Scripting
Posted Feb 23, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - It appears that /em/console/database/dist/advRepl/advReplicationAdmin in Oracle Enterprise Manager suffers from multiple cross site scripting vulnerabilities. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, vulnerability, xss
advisories | CVE-2013-0355
MD5 | 2a695827f0c4093d27f16bb38f123ad7
SAP J2EE Core Service Arbitrary File Access
Posted Feb 22, 2013
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - By exploiting an arbitrary file access vulnerability in the SAP J2EE Core Services, a remote unauthenticated attacker may be able to compromise the entire ERP system.

tags | advisory, remote, arbitrary
MD5 | e1fd7e635e176bce799bc3889400bc73
Abusing, Exploiting, And Pwning With Firefox Add-Ons
Posted Feb 22, 2013
Authored by Ajin Abraham

This paper discusses a number of ways through which hackers can use Mozilla Firefox as a platform to run their malicious pieces of code with privileges and features.

tags | paper
MD5 | b89cfaf1ecf68081c8b9cd981e067659
SAP Enterprise Portal Cross Site Scripting
Posted Feb 22, 2013
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - As the server does not perform a proper security validation on the input parameters, it is possible to inject DHTML code that would be rendered to the user accessing the link in SAP Enterprise Portal.

tags | advisory
MD5 | f21c0fd588c3c3e6de43249511b857ca
Oracle Enterprise Manager Segment Advisor URL Redirection
Posted Feb 22, 2013
Authored by Qinglin Jiang | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control Segment Advisor page is vulnerable to an arbitrary URL redirection/phishing vulnerability. An attacker may inject an arbitrary URL into the web application and force the application to redirect to it without any validation. This vulnerability can be used in phishing attacks to trick legitimate users into visiting malicious sites without realizing it. The affected link and parameter are /em/console/database/xdb/XDBResource and cancelURL. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, web, arbitrary
advisories | CVE-2012-3219
MD5 | 869d4e4625a5f6c7bfbea9dc0af27018
Ruby Parser 2.0.4 Insecure File Creation
Posted Feb 22, 2013
Authored by Michael Scherer

Ruby Parser version 2.0.4 insecurely creates files in /tmp that can allow for a denial of service condition.

tags | advisory, denial of service, ruby
advisories | CVE-2013-0162
MD5 | cc82f7908fd25da5bf86a12880516f5f
Oracle Enterprise Manager Streams Queue SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/dist/streams/queue in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0373
MD5 | a4d5f9be647091e83238c727780531ae
Nagios NRPE 2.13 Code Execution
Posted Feb 22, 2013
Authored by Rudolph Pereira | Site occamsec.com

Nagios NRPE versions 2.13 and below suffer from a remote command execution vulnerability.

tags | exploit, remote
advisories | CVE-2013-1362
MD5 | 4bb88c7ff6804d3843fb52e6d7d06bc9
Oracle Enterprise Manager SCPLBL_COLLECTED SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/ecm/config/savedConfig in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0353
MD5 | 797c84ce05ba270d3864a0ef83dc78e9
Oracle Enterprise Manager dBClone SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/dbclone/dBClone in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0374
MD5 | 89bf7d1270831f578edfebc65d7cc8f6
SAP SDM Denial Of Service
Posted Feb 22, 2013
Authored by Mariano Nunez Di Croce, Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - The SDM suffers from a design vulnerability in the way it handles failed user authentication attempts, generating a denial of service condition if some conditions are met. This can be abused by a malicious attacker to disrupt this service.

tags | advisory, denial of service
MD5 | 81264124fb915a0bf5718671139c00f1
Oracle Enterprise Manager advReplicationAdmin SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - An attacker hosting a malicious web site can execute SQL statements in the backend database when an administrator with an open session in Oracle Enterprise Manager web application visits the malicious web site. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, web, sql injection
advisories | CVE-2013-0372
MD5 | c72e97c74ef4419cb68cdf98e5db1bd0
Oracle Enterprise Manager HTTP Response Splitting
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - The 'pagename' parameter of web page /em/console/ecm/policy/policyViewSettings in Oracle Enterprise Manager is vulnerable to HTTP response splitting attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, web
advisories | CVE-2013-0354
MD5 | 9388cdd4aa6b1596bd6089c72e1b5935
SAP Portal PDC Information Disclosure
Posted Feb 22, 2013
Authored by Mariano Nunez Di Croce | Site onapsis.com

Onapsis Security Advisory - The SAP Portal "Federation" configuration pages do not properly handle authentication, exposing the entire Portal infrastructure.

tags | advisory
MD5 | 4d262d37dfa5719ad9f94c1b5bf45046
Oracle Database GeoRaster API Overflow
Posted Feb 22, 2013
Authored by Martin Rakhmanov | Site appsecinc.com

Team SHATTER Security Advisory - GeoRaster is a feature of Oracle Spatial that lets you store, index, query, analyze, and deliver GeoRaster data. One of the GeoRaster APIs is prone to stack-based overflow.

tags | advisory, overflow
advisories | CVE-2012-3220
MD5 | 1b9cfd8ead75e8554fb10baac48dbdb8
Oracle Enterprise Manager XDBResource cancelURL XSS
Posted Feb 22, 2013
Authored by Qinglin Jiang | Site appsecinc.com

Team SHATTER Security Advisory - Oracle Enterprise Manager Database Control XML Database Resources page is vulnerable to a cross site scripting vulnerability. An attacker may inject malicious code into the web application and trick a legitimate user into executing it by various methods. Affected versions include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, web, xss
advisories | CVE-2013-0352
MD5 | a98fbf64b2f23341ab19238dfd37619b
Samsung Galaxy S3 Screen-Lock Bypass
Posted Feb 22, 2013
Authored by MTI Technology | Site mti.com

The Samsung Galaxy S3 w/ Android version 4.1.2 suffers from a bypass vulnerability due to S-Voice allowing the launch of any command even when the screen is locked.

tags | exploit, bypass
MD5 | 6bce91884ef328c823750cdc5df417c1
Ubuntu Security Notice USN-1743-1
Posted Feb 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1743-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0871
MD5 | 0fbc6c3f55e364628e4bdc372f487efb
Ubuntu Security Notice USN-1742-1
Posted Feb 22, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1742-1 - Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2013-0871
MD5 | e5783a805958ee2fde28418f4a2d4f66