
Files Date: 2013-03-19 to 2013-03-20

Verizon Fios Router MI424WR-GEN3I CSRF
Posted Mar 19, 2013
Authored by Jacob Holcomb

Verizon Fios Router version MI424WR-GEN3I suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2013-0126
SHA-256 | 0e3be0fba9127a1712cac4a67d60193e76d579ee1b98d581303cf603e867e082
Mozilla Firefox nsHTMLEditRules Use-After-Free
Posted Mar 19, 2013
Authored by Nicolas Joly, Chaouki Bekrar, VUPEN, Jordan Gruskovnjak | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error within the XUL "nsHTMLEditRules::nsHTMLEditRules()" function when processing certain objects, which could be exploited by remote attackers to compromise a vulnerable system via a malicious web page.

tags | advisory, remote, web
advisories | CVE-2013-0787
SHA-256 | f0d46293df9a00f2fa660f6e96989d985d27caaecef937c4a4865e96961181ee
WordPress Count Per Day 3.2.5 XSS
Posted Mar 19, 2013
Authored by m3tamantra

WordPress Count Per Day third party plugin version 3.2.5 suffers from a cross site scripting vulnerability due to trusting REFERER headers.

tags | exploit, xss
SHA-256 | 0064257fd5c4d757e56218fd6d6ad15c26c04eea4bedd1cd48f176df11011a09
WordPress Occasions 1.0.4 Cross Site Request Forgery
Posted Mar 19, 2013
Authored by m3tamantra

WordPress Occasions third party plugin version 1.0.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 9065b612a6814f4c3c807c0afb6fbf138b3642c802701417b8dfe94ebb4827a1
Cisco Type 4 Passwords Issue
Posted Mar 19, 2013
Authored by Cisco Systems | Site cisco.com

This is the Cisco response to research performed by Mr. Philipp Schmidt and Mr. Jens Steube from the Hashcat Project on the weakness of Type 4 passwords on Cisco IOS and Cisco IOS XE devices. Mr. Schmidt and Mr. Steube reported this issue to the Cisco PSIRT on March 12, 2013.

tags | advisory
systems | cisco, osx
SHA-256 | 34976fe412d86e813c374294d638b912a2a465950f6c8d1b2ec1e54dbfa7439f
ViewGit 0.0.6 Cross Site Scripting
Posted Mar 19, 2013
Authored by Matthew R. Bucci

ViewGit version 0.0.6 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-2294
SHA-256 | 20c97073d97750300a2356a5164432b210fc3c10d3b8e7ff551f05ed56a0236a
Mandriva Linux Security Advisory 2013-028
Posted Mar 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-028 - Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long host_name variable or svc_description variable. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary, cgi
systems | linux, mandriva
advisories | CVE-2012-6096
SHA-256 | 92159bed908d90201ccd67aa806df2fd0aee85b7350ebb73a865dc48241f7458
Mandriva Linux Security Advisory 2013-027
Posted Mar 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-027 - ClamAV 0.97.7 addresses several reported potential security bugs. Thanks to Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team for finding and reporting these issues.

tags | advisory
systems | linux, mandriva
SHA-256 | 0d239760215b2ceda2c75b8bd343251c0dc4edb27fb1124474c8e6ec2645bbbe
Mandriva Linux Security Advisory 2013-026
Posted Mar 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-026 - sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allow local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. Sudo before 1.8.6p7 allows a malicious user to run commands via sudo without authenticating, so long as there exists a terminal the user has access to where a sudo command was successfully run by that same user within the password timeout period. The updated packages have been patched to correct these issues.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2013-1775, CVE-2013-1776
SHA-256 | f0f9ae055a87151f153c71a8cb17a6c21c9dc1ffce22d7b02cf7c92907860a99
Ubuntu Security Notice USN-1767-1
Posted Mar 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1767-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0228, CVE-2013-0231, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-1774
SHA-256 | 0af1b33f79ed871ef89c7d8fe33864480cd96aa475060b2761c30a4745e5fe02
Red Hat Security Advisory 2013-0656-01
Posted Mar 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0656-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. When a client attempts to use PKINIT to obtain credentials from the KDC, the client can specify, using an issuer and serial number, which of the KDC's possibly-many certificates the client has in its possession, as a hint to the KDC that it should use the corresponding key to sign its response. If that specification was malformed, the KDC could attempt to dereference a NULL pointer and crash.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-1016, CVE-2013-1415
SHA-256 | ae64f0d8660d8e70b0f6e87ef8c95b8e6cb89169331fdb488630f43097332517
Ubuntu Security Notice USN-1766-1
Posted Mar 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1766-1 - Zbigniew Tenerowicz and Sebastian Krzyszkowiak discovered that pam-xdg-support incorrectly handled the PATH environment variable. A local attacker could use this issue in combination with sudo to possibly escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1052
SHA-256 | d8f008c000379aa9070ba6e75edcb0a1c9123812dfdae611b384d4e1fa1553ba
Ubuntu Security Notice USN-1769-1
Posted Mar 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1769-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0231, CVE-2013-0268, CVE-2013-0290, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349
SHA-256 | a8ff2f766636f3eae7131ad2b4f9e1302223e8531b1447e2f89b734012c8df21
Ubuntu Security Notice USN-1768-1
Posted Mar 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1768-1 - Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously. A failure to validate input was discovered in the Linux kernel's Xen netback (network backend) driver. A user in a guest OS may exploit this flaw to cause a denial of service to the guest OS and other guest domains. Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2013-0190, CVE-2013-0216, CVE-2013-0217, CVE-2013-0231, CVE-2013-0268, CVE-2013-0290, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349
SHA-256 | 626e202d3ef8389359ef83ff7507b3727d016e8c8f062bfef2217e074f52d804
Ubuntu Security Notice USN-1765-1
Posted Mar 19, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1765-1 - Niels Heinen discovered that multiple modules incorrectly sanitized certain strings, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. It was discovered that the mod_proxy_ajp module incorrectly handled error states. A remote attacker could use this issue to cause the server to stop responding, resulting in a denial of service. This issue only applied to Ubuntu 8.04 LTS, Ubuntu 10.04 LTS and Ubuntu 11.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2012-4557, CVE-2013-1048, CVE-2012-3499, CVE-2012-4558
SHA-256 | 9767c3ba93f72fe50577dcb192dc592f8756c27311ba9608eac93daa121f26e9
PayPal Chinese Web Application Information Disclosure
Posted Mar 19, 2013
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

An information disclosure vulnerability existed in the official Chinese PayPal web service.

tags | exploit, web, info disclosure
SHA-256 | 0819e22b013abdf36efcc169f5458257ea767fb462ee471e8c7f3ff0ceb5cc22