RSA Authentication Agent version 7.1.1 for Windows suffers from an issue where a user may incorrectly gain access to a desktop or a server.
2f238efee7569fbed4654191f68bd99735eb85488927065675a4251d6a5453c0
This paper presents an in depth study of the dangers of XSS vulnerabilities and vulgarizes its exploitation, it also showcases the remedies of post XSS attacks that can be adopted as a safeguard. Further, they exploit a vulnerability and develop a novel module for one of the popular tools of post XSS exploitation. This module can be used to make a SIP (Session Initiation Protocol) call. It has been developed with the intention of being included into the new release of the XSSF framework.
7dbbd574b496be79c52c8e911121efacadc66a405c4adb8ada6c3d26422c99a3
Drupal Premium Responsive third party theme version 7.x suffers from a cross site scripting vulnerability.
23a80398649d04bef15c79c5973569ab416103be63a280e89197ff901240e339
Sami FTP Server version 2.0.1 LIST command buffer overflow exploit.
76c68990c26282f90daa7b08769b610ef36c0b70a461d77e07ce83e387a745c6
Hanso Player version 2.1.0 suffers from a buffer overflow vulnerability when handling malformed .m3u files.
9f795d63d476e39c05ab7ce40363630a17581143203123982932bd0ff50c7f30
This archive contains all of the 157 exploits added to Packet Storm in February, 2013.
3ca8c782834b8aa7cad0999737ca998d5dabc9d1a592cf13353edea165d992c6
Ubuntu Security Notice 1729-2 - USN-1729-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in freezes and crashes when using multiple tabs with images displayed. This update fixes the problem. Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. Various other issues were also addressed.
6c6ed11b905d9e5ea9eb087e8ebfaad6c611dc8cf1da9aad0b8b3490cc0c5f65
Oracle Auto Service Request insecure creates files in /tmp using time stamps allow for root-owned files to be clobbered.
62958024223f7ff7956367f2a7735ad90e0b9970a5455344602162eceb1fc1e4
The ROOTCON 7 Call For Papers has been announced. It will be held September 13th and 14th, 2013 at the Parklane International Hotel, Cebu City, Philippines.
85543dc5c5b8a98ff27a7f8d769ab9c20f51ed713742bf709afbcd9144128fec
PHP-Fusion version 7.02.05 suffers from insecure backup handling, cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
fa7b586afe0a410a0efe0520e47423439ff8a65220c5db6358b160d972751277
Team SHATTER Security Advisory - Some parameters of /em/console/database/dist/advRepl/advReplicationAdmin in Oracle Enterprise Manager are vulnerable to SQL Injection attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.
764c0111ae8ae757f9bc4ad86d2176345b8915225042a02c5117b991396719f1
Cisco Security Advisory - Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could cause an interruption of voice services. Cisco has released free software updates that address these vulnerabilities.
bf8fe1f4313182c2efa9abb500936634c002c59163440925ec20a1d58e3082e6
Red Hat Security Advisory 2013-0581-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
83255a61e34136f5a53d070ef5f7ed6fcc3c0acc3d075ab3db2fc929b13b0576
Red Hat Security Advisory 2013-0579-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges on the host.
07b3be05c32276a8368c1cdb50a625aa7b0ac9df2f22b1741885f260c9ffa053
Red Hat Security Advisory 2013-0578-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, the Extended Update Support Add-On for Red Hat Enterprise Linux 5.6 will conclude on July 31, 2013. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.6 EUS after that date. In addition, after July 31, 2013, technical support through Red Hat’s Global Support Services will no longer be provided for this Add-on. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 5.6.
9b0c1ec86786df925471c12cb7b8ce964c5ef70011fc533b6bb39561eba738e5
Simple Admin Page Finger is a module for the Recon-NG framework. It is considered a discovery module. It checks the hosts for possible administrator pages and administrative directories.
4914895681623dce79de46f5d8badd4a1e3dc760097df759a8c7ead8c0371e28
SecureCRT versions 7.0.3 and below suffer from an insecure password storage vulnerability.
9f86dc90948ca930efebc7be252ebd4c728f65185ebe4a3209f6b5906a974f44