what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 126 - 150 of 611 RSS Feed

Files Date: 2013-02-01 to 2013-02-28

Red Hat Security Advisory 2013-0519-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0519-02 - OpenSSH is OpenBSD's Secure Shell protocol implementation. These packages include the core files necessary for the OpenSSH client and server. Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat Enterprise Linux 6, the glibc's error() function was called rather than the intended error() function in pam_ssh_agent_auth to report errors. As these two functions expect different arguments, it was possible for an attacker to cause an application using pam_ssh_agent_auth to crash, disclose portions of its memory or, potentially, execute arbitrary code.

tags | advisory, arbitrary, shell, protocol
systems | linux, redhat, openbsd
advisories | CVE-2012-5536
SHA-256 | fb4c0807ded976e32bae9182da0fa9a8423f588150cae073a4d4482f9e4f8d2a
Red Hat Security Advisory 2013-0517-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0517-02 - The util-linux-ng packages contain a large variety of low-level system utilities that are necessary for a Linux operating system to function. An information disclosure flaw was found in the way the mount command reported errors. A local attacker could use this flaw to determine the existence of files and directories they do not have access to. These updated util-linux-ng packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked to in the References, for information on the most significant of these changes.

tags | advisory, local, info disclosure
systems | linux, redhat
advisories | CVE-2013-0157
SHA-256 | e50c39bf7344de3fea858940c56def62377126d41405e0c2b1144f60a83ba79c
Red Hat Security Advisory 2013-0516-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0516-02 - Evolution is the GNOME mailer, calendar, contact manager and communication tool. The components which make up Evolution are tightly integrated with one another and act as a seamless personal information-management tool. The way Evolution handled mailto URLs allowed any file to be attached to the new message. This could lead to information disclosure if the user did not notice the attached file before sending the message. With this update, mailto URLs cannot be used to attach certain files, such as hidden files or files in hidden directories, files in the /etc/ directory, or files specified using a path containing "..".

tags | advisory, info disclosure
systems | linux, redhat
advisories | CVE-2011-3201
SHA-256 | 19dc02c8700bb8cadf203cfe9ea729965edc9f1f3d8b98c45312fb67a8780cf0
Red Hat Security Advisory 2013-0515-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0515-02 - The openchange packages provide libraries to access Microsoft Exchange servers using native protocols. Evolution-MAPI uses these libraries to integrate the Evolution PIM application with Microsoft Exchange servers. A flaw was found in the Samba suite's Perl-based DCE/RPC IDL compiler. As OpenChange uses code generated by PIDL, this could have resulted in buffer overflows in the way OpenChange handles RPC calls. With this update, the code has been generated with an updated version of PIDL to correct this issue. The openchange packages have been upgraded to upstream version 1.0, which provides a number of bug fixes and enhancements over the previous version, including support for the rebased samba4 packages and several API changes.

tags | advisory, overflow, perl, protocol
systems | linux, redhat
advisories | CVE-2012-1182
SHA-256 | 5c9dd4885b245ecf8ed98fec1242a39231d294c129bcbb7e1f55c61f932d8dc5
Red Hat Security Advisory 2013-0502-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0502-02 - The Core X11 clients packages provide the xorg-x11-utils, xorg-x11-server-utils, and xorg-x11-apps clients that ship with the X Window System. It was found that the x11perfcomp utility included the current working directory in its PATH environment variable. Running x11perfcomp in an attacker-controlled directory would cause arbitrary code execution with the privileges of the user running x11perfcomp. Also with this update, the xorg-x11-utils and xorg-x11-server-utils packages have been upgraded to upstream version 7.5, and the xorg-x11-apps package to upstream version 7.6, which provides a number of bug fixes and enhancements over the previous versions.

tags | advisory, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2011-2504
SHA-256 | 8974a444d50fe2989773da05386646349dedb05d7acd8ff3c9d54d161b257750
Red Hat Security Advisory 2013-0508-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0508-02 - The System Security Services Daemon provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back-end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects such as FreeIPA. A race condition was found in the way SSSD copied and removed user home directories. A local attacker who is able to write into the home directory of a different user who is being removed could use this flaw to perform symbolic link attacks, possibly allowing them to modify and delete arbitrary files with the privileges of the root user.

tags | advisory, remote, arbitrary, local, root
systems | linux, redhat
advisories | CVE-2013-0219, CVE-2013-0220
SHA-256 | 5f4d4ac0d402e7d34c822b10932ba79a7ffbb16252504fea9e6c982a0cd5cf68
Red Hat Security Advisory 2013-0512-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0512-02 - The httpd packages contain the Apache HTTP Server, which is the namesake project of The Apache Software Foundation. An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use this flaw to conduct cross-site scripting attacks against users visiting the site. It was discovered that mod_proxy_ajp, when used in configurations with mod_proxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP CPing request was responded to by the back-end. A remote attacker able to make a back-end use an excessive amount of time to process a request could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2008-0455, CVE-2012-2687, CVE-2012-4557
SHA-256 | f8cfe39b362ad6d9a254f54f9420f1cf47a5d594adaddff4dc75cf932ed837ff
Red Hat Security Advisory 2013-0509-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0509-02 - Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP utilities, libraries and development packages for writing applications that use Remote Direct Memory Access technology. A denial of service flaw was found in the way ibacm managed reference counts for multicast connections. An attacker could send specially-crafted multicast packets that would cause the ibacm daemon to crash. It was found that the ibacm daemon created some files with world-writable permissions. A local attacker could use this flaw to overwrite the contents of the ibacm.log or ibacm.port file, allowing them to mask certain actions from the log or cause ibacm to run on a non-default port.

tags | advisory, remote, denial of service, local
systems | linux, redhat
advisories | CVE-2012-4517, CVE-2012-4518
SHA-256 | e996081a2160a7881cd8861b5d0513ae4281dd566e56934c205bdf215d344c19
Red Hat Security Advisory 2013-0504-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0504-02 - The dhcp packages provide the Dynamic Host Configuration Protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. A flaw was found in the way the dhcpd daemon handled the expiration time of IPv6 leases. If dhcpd's configuration was changed to reduce the default IPv6 lease time, lease renewal requests for previously assigned leases could cause dhcpd to crash.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2012-3955
SHA-256 | 0fa284dfd579b540666e5e24e644a8ab74c7d57e9707eaf293d4f52a0f39ec7f
Red Hat Security Advisory 2013-0506-02
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0506-02 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls. This could result in code generated by the PIDL compiler to not sufficiently protect against buffer overflows. The samba4 packages have been upgraded to upstream version 4.0.0, which provides a number of bug fixes and enhancements over the previous version. In particular, improved interoperability with Active Directory domains. SSSD now uses the libndr-krb5pac library to parse the Privilege Attribute Certificate issued by an AD Key Distribution Center .

tags | advisory, overflow, perl, protocol
systems | linux, redhat
advisories | CVE-2012-1182
SHA-256 | b4f586366b5141c1d1a1fbcbba40b5840262fafcced1a44a41f7ab8f27a62fcb
EasyWebScripts eBay Clone Script SQL Injection
Posted Feb 21, 2013
Authored by 3spi0n

EasyWebScripts eBay Clone Script suffers from remote SQL injection and CRLF injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | b043a94f844af4460c90d1bbb5fd0e0f1838373d2498784f9ce3b6c6d0231de2
Alt-N MDaemon WorldClient / WebAdmin Cross Site Request Forgery
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

Alt-N MDaemon version 13.0.3 WorldClient and WebAdmin applications suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 7254dc66cd6fba6e9a6eb7e9d46b3ad55c8a16813b7770255f61f633561438bb
WordPress Pretty Link 1.6.3 Cross Site Scripting
Posted Feb 21, 2013
Authored by hip

WordPress Pretty Link plugin version 1.6.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-1636
SHA-256 | 0bd94f72723b7408dcb28b0101289332e56f5ec23c7de0a8015324251cd66bfc
Alt-N MDaemon WorldClient Predictable Session ID
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a predictable session identifier vulnerability.

tags | exploit
SHA-256 | 92424873721cd173dc332823577d395adb3e123a0b90d2cd1514c100d2e80883
Alt-N MDaemon Email Body Cross Site Scripting
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

Alt-N MDaemon version 13.0.3 suffers from a cross site scripting vulnerability in the email body due to a lack of sanitization.

tags | exploit, xss
SHA-256 | 7325b220864d0b6ff380a077b29aa8c7293ee9eaa3cbb5bbf03f8dd6edefd13d
Technical Cyber Security Alert 2013-51A
Posted Feb 21, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-51A - Multiple vulnerabilities in Java could allow an attacker to execute arbitrary code on a vulnerable system.

tags | advisory, java, arbitrary, vulnerability
SHA-256 | 3662c67f09c52ec14017db6406023a4ed1ca2da91ff85b5b491858b99befb54d
Alt-N MDaemon WorldClient Username Enumeration
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a username enumeration vulnerability based on responses provided.

tags | exploit
SHA-256 | 88ffc39eb1145981a8577ef2cd3a701922e79b7e248031243a1d54728446a564
Alt-N MDaemon WebAdmin Remote Code Execution
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

The Alt-N MDaemon version 13.0.3 WebAdmin application suffers from a remote code execution vulnerability via the user account import facility.

tags | exploit, remote, code execution
SHA-256 | b1e0f846c97665c28984ae715b8e4178e351676b7e1aef82d5ac59c0302500d2
Alt-N MDaemon WorldClient Credential Disclosure
Posted Feb 21, 2013
Authored by Demetris Papapetrou, QSecure | Site qsecure.com.cy

The Alt-N MDaemon version 13.0.3 WorldClient application suffers from a credential disclosure vulnerability. This is possible because the application replies to a request with a response that contains the credentials in an encoded (reversible) format.

tags | exploit, info disclosure
SHA-256 | 5e526cfd34acc8dc5cebe4e940c88c797073c12adce735bb8dc9adf90132aebf
glFusion 1.2.2 Cross Site Scripting
Posted Feb 21, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

glFusion version 1.2.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-1466
SHA-256 | 6306b577c5a62df9e36abe88ce8b0307d8747c5119f8cf35f07026923b542faa
Ubuntu Security Notice USN-1731-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1731-1 - Stuart Stent discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-1664, CVE-2013-1664
SHA-256 | ef9e505dbeaa2ad430eea778d8ab79ad8cdd420cc8284cb9889efcadf8e51957
Ubuntu Security Notice USN-1730-1
Posted Feb 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1730-1 - Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. Jonathan Murray discovered that Keystone would allow XML entity processing. A remote unauthenticated attacker could exploit this to cause a denial of service via resource exhaustion. Authenticated users could also use this to view arbitrary files on the Keystone server. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-0282, CVE-2013-0282, CVE-2013-1664, CVE-2013-1665
SHA-256 | 40cd9b1218bf350a4f1e6f5441962aa2cec841a1855cb9bd3ea8fb2559367309
Red Hat Security Advisory 2013-0533-01
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0533-01 - Security: JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-2487, CVE-2011-2730, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-3369, CVE-2012-3370, CVE-2012-5370, CVE-2012-5478
SHA-256 | d0d6dd86868163ea86659cbce4e62fa346ab23fec9600a6fe72c27a787121386
Red Hat Security Advisory 2013-0532-01
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0532-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 15 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486, CVE-2013-1487
SHA-256 | 715f873e25410bc468e412c2a033bb64beb683efec1499c2641f64dcbd2dd75b
Red Hat Security Advisory 2013-0531-01
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0531-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes three vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 41. All running instances of Oracle Java must be restarted for the update to take effect.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0169, CVE-2013-1486, CVE-2013-1487
SHA-256 | 02aadfa81bfc8c12143738a124655e974f4700f9e9aebca7ab5638be2cd5ef43
Page 6 of 25
Back45678Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close