Files Date: 2013-03-01 to 2013-03-02

RSA Authentication Agent 7.1.1 Access Bypass
Posted Mar 1, 2013
Site emc.com

RSA Authentication Agent version 7.1.1 for Windows suffers from an issue where a user may incorrectly gain access to a desktop or a server.

tags | advisory
systems | windows
advisories | CVE-2013-0931
SHA-256 | 2f238efee7569fbed4654191f68bd99735eb85488927065675a4251d6a5453c0
Post XSS Exploitation: Advanced Attacks And Remedies
Posted Mar 1, 2013
Authored by Kritika Sobti, Adwiteeya Agrawal, Nishtha Jatana

This paper presents an in-depth study of the dangers of XSS vulnerabilities and vulgarizes their exploitation. It also showcases remedies for post-XSS attacks that can be adopted as a safeguard. Further, the authors exploit a vulnerability and develop a novel module for one of the popular tools of post-XSS exploitation. This module can be used to make a SIP (Session Initiation Protocol) call. It has been developed with the intention of being included in the new release of the XSSF framework.

tags | paper, vulnerability, protocol, xss
SHA-256 | 7dbbd574b496be79c52c8e911121efacadc66a405c4adb8ada6c3d26422c99a3
Drupal Premium Responsive 7.x Cross Site Scripting
Posted Mar 1, 2013
Authored by Greg Knaddison | Site drupal.org

Drupal Premium Responsive third party theme version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 23a80398649d04bef15c79c5973569ab416103be63a280e89197ff901240e339
Sami FTP Server 2.0.1 Buffer Overflow
Posted Mar 1, 2013
Authored by superkojiman

Sami FTP Server version 2.0.1 LIST command buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 76c68990c26282f90daa7b08769b610ef36c0b70a461d77e07ce83e387a745c6
Hanso Player 2.1.0 Buffer Overflow
Posted Mar 1, 2013
Authored by metacom

Hanso Player version 2.1.0 suffers from a buffer overflow vulnerability when handling malformed .m3u files.

tags | exploit, overflow
SHA-256 | 9f795d63d476e39c05ab7ce40363630a17581143203123982932bd0ff50c7f30
Packet Storm New Exploits For February, 2013
Posted Mar 1, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 157 exploits added to Packet Storm in February, 2013.

tags | exploit
systems | linux
SHA-256 | 3ca8c782834b8aa7cad0999737ca998d5dabc9d1a592cf13353edea165d992c6
Ubuntu Security Notice USN-1729-2
Posted Mar 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1729-2 - USN-1729-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in freezes and crashes when using multiple tabs with images displayed. This update fixes the problem. Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, Alon Zakai, Christian Holler, Gary Kwong, Luke Wagner, Terrence Cole, Timothy Nikkel, Bill McCloskey, and Nicolas Pierron discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0772, CVE-2013-0765, CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0781, CVE-2013-0782
SHA-256 | 6c6ed11b905d9e5ea9eb087e8ebfaad6c611dc8cf1da9aad0b8b3490cc0c5f65
Oracle Auto Service Request File Clobber
Posted Mar 1, 2013
Authored by Larry W. Cashdollar

Oracle Auto Service Request insecurely creates files in /tmp using time stamps, allowing root-owned files to be clobbered.

tags | exploit, root
SHA-256 | 62958024223f7ff7956367f2a7735ad90e0b9970a5455344602162eceb1fc1e4
ROOTCON 7 Call For Papers
Posted Mar 1, 2013
Site rootcon.org

The ROOTCON 7 Call For Papers has been announced. It will be held September 13th and 14th, 2013 at the Parklane International Hotel, Cebu City, Philippines.

tags | paper, conference
SHA-256 | 85543dc5c5b8a98ff27a7f8d769ab9c20f51ed713742bf709afbcd9144128fec
PHP-Fusion 7.02.05 XSS / LFI / SQL Injection
Posted Mar 1, 2013
Authored by Janek Vind aka waraxe | Site waraxe.us

PHP-Fusion version 7.02.05 suffers from insecure backup handling, cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, php, vulnerability, xss, sql injection, file inclusion
SHA-256 | fa7b586afe0a410a0efe0520e47423439ff8a65220c5db6358b160d972751277
Oracle Enterprise Manager advReplicationAdmin SQL Injection
Posted Mar 1, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/dist/advRepl/advReplicationAdmin in Oracle Enterprise Manager are vulnerable to SQL Injection attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0372
SHA-256 | 764c0111ae8ae757f9bc4ad86d2176345b8915225042a02c5117b991396719f1
Cisco Security Advisory 20130227-cucm
Posted Mar 1, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could cause an interruption of voice services. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
SHA-256 | bf8fe1f4313182c2efa9abb500936634c002c59163440925ec20a1d58e3082e6
Red Hat Security Advisory 2013-0581-01
Posted Mar 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0581-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2013-0338
SHA-256 | 83255a61e34136f5a53d070ef5f7ed6fcc3c0acc3d075ab3db2fc929b13b0576
Red Hat Security Advisory 2013-0579-01
Posted Mar 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0579-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges on the host.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-3411, CVE-2012-4542, CVE-2013-0311
SHA-256 | 07b3be05c32276a8368c1cdb50a625aa7b0ac9df2f22b1741885f260c9ffa053
Red Hat Security Advisory 2013-0578-01
Posted Mar 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0578-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, the Extended Update Support Add-On for Red Hat Enterprise Linux 5.6 will conclude on July 31, 2013. Accordingly, Red Hat will no longer provide updated packages, including critical impact security patches or urgent priority bug fixes, for Red Hat Enterprise Linux 5.6 EUS after that date. In addition, after July 31, 2013, technical support through Red Hat’s Global Support Services will no longer be provided for this Add-on. Note: This notification applies only to those customers subscribed to the Extended Update Support channel for Red Hat Enterprise Linux 5.6.

tags | advisory
systems | linux, redhat
SHA-256 | 9b0c1ec86786df925471c12cb7b8ce964c5ef70011fc533b6bb39561eba738e5
Simple Admin Page Finder For Recon-NG
Posted Mar 1, 2013
Authored by scryptz0

Simple Admin Page Finder is a module for the Recon-NG framework. It is considered a discovery module. It checks hosts for possible administrator pages and administrative directories.

tags | tool
systems | unix
SHA-256 | 4914895681623dce79de46f5d8badd4a1e3dc760097df759a8c7ead8c0371e28
SecureCRT Insecure Password Storage
Posted Mar 1, 2013
Authored by Raffaele Addesso

SecureCRT versions 7.0.3 and below suffer from an insecure password storage vulnerability.

tags | advisory
SHA-256 | 9f86dc90948ca930efebc7be252ebd4c728f65185ebe4a3209f6b5906a974f44