what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 16 of 16 RSS Feed

Files Date: 2013-03-26 to 2013-03-27

Debian Security Advisory 2653-1
Posted Mar 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2653-1 - It was discovered that Icinga, a host and network monitoring system, contains several buffer overflows in the history.cgi CGI program.

tags | advisory, overflow, cgi
systems | linux, debian
advisories | CVE-2012-6096
SHA-256 | 188c6990c5d7d4e8af29ece4784c5270cb5b7f19552d94beb18872c90df1f07b
Red Hat Security Advisory 2013-0686-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0686-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. The latest packages for Subscription Asset Manager include a number of security fixes: When a Subscription Asset Manager instance is created, its configuration script automatically creates an RPM of the internal subscription service CA certificate. However, this RPM incorrectly created the CA certificate with file permissions of 0666. This allowed other users on a client system to modify the CA certificate used to trust the remote subscription server. All administrators are advised to update and deploy the subscription service certificate on all systems which use Subscription Asset Manager as their subscription service.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-6116, CVE-2012-6119, CVE-2013-0256, CVE-2013-0263, CVE-2013-0269, CVE-2013-0276, CVE-2013-1823
SHA-256 | 0963c8e1d61d8ac6df642de01a0698f0b64aa8bfa0d30d87859ee165ddb3111b
Red Hat Security Advisory 2013-0685-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0685-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.

tags | advisory, web, denial of service, overflow, arbitrary, perl
systems | linux, redhat
advisories | CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, CVE-2013-1667
SHA-256 | ac3fdd7299785f237b23d812f30be939d6a7f1979b5d7e5891f630a611337ac3
Ubuntu Security Notice USN-1781-1
Posted Mar 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1781-1 - Andrew Jones discovered a flaw with the xen_iret function in Linux kernel's Xen virtualizeation. In the 32-bit Xen paravirt platform an unprivileged guest OS user could exploit this flaw to cause a denial of service (crash the system) or gain guest OS privilege. A flaw was reported in the permission checks done by the Linux kernel for /dev/cpu/*/msr. A local root user with all capabilities dropped could exploit this flaw to execute code with full root capabilities. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-1774, CVE-2013-0228, CVE-2013-0268, CVE-2013-0311, CVE-2013-0313, CVE-2013-0349, CVE-2013-1774
SHA-256 | 5d7a43744d14bb2c4370a49a10df8406ceaadc56d80d851f94fd355ecc51efcc
SynConnect SQL Injection
Posted Mar 26, 2013
Authored by Bhadresh Patel

SynConnect suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 1d2086a1579126612368a2fdc3f6dd10002d80c1db58bebe694c8d37d17bc6af
HP Security Bulletin HPSBPV02855 SSRT100512
Posted Mar 26, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBPV02855 SSRT100512 - A potential security vulnerability has been identified with HP ProCurve 1700-8 (J9079A) and 1700-24 (J9080A) switches. The vulnerability could be remotely exploited to allow a cross site request forgery (CSRF). Revision 1 of this advisory.

tags | advisory, csrf
advisories | CVE-2012-5216
SHA-256 | 2e61ba3966255a207f0b13b399cdac6e5f2c77f23523751c7a935394497465db
OrionDB Business Directory Script Cross Site Scripting
Posted Mar 26, 2013
Authored by 3spi0n

OrionDB Business Directory Script suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | d5a995d9550ed2998a600c0436a270646bf6cd2312e8abcf82a134b7bf8727a0
OWASP WAF Naxsi Bypass
Posted Mar 26, 2013
Authored by Safe3

OWASP WAF Naxsi suffers from a bypass vulnerability.

tags | exploit, bypass
SHA-256 | 086ae504afd9243fc50ad06efe7ad3f4780533c5b6293a8ed1470c10d736b667
Voila CMS SQL Injection
Posted Mar 26, 2013
Authored by Ashiyane Digital Security Team

Voila CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | eb568c55d31a6a7aa5bae7695951f99bfa77f3f0839b3f1edebeef4d17193784
Debian Security Advisory 2652-1
Posted Mar 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2652-1 - Brad Hill of iSEC Partners discovered that many XML implementations are vulnerable to external entity expansion issues, which can be used for various purposes such as firewall circumvention, disguising an IP address, and denial-of-service. libxml2 was susceptible to these problems when performing string substitution during entity expansion.

tags | advisory
systems | linux, debian
advisories | CVE-2013-0338, CVE-2013-0339
SHA-256 | 04ec56e7cfa9d1647f6ba4df2f17ae024aed83c6e87c37677e43bc3a80341400
ActFax 5.01 RAW Server Buffer Overflow
Posted Mar 26, 2013
Authored by corelanc0d3r, Craig Freyman, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW Server can be used to transfer fax messages without any underlying protocols. To note significant fields in the fax being transferred, like the fax number or the recipient, ActFax data fields can be used. This Metasploit module exploits a buffer overflow in the handling of the @F506 fields due to the insecure usage of strcpy. This Metasploit module has been tested successfully on ActFax 5.01 over Windows XP SP3 (English).

tags | exploit, overflow, protocol
systems | windows
advisories | OSVDB-89944
SHA-256 | d87e539151a571a848fa3efe35cc969a0ff60645c93035d902d039cfcf31fbc7
HP Intelligent Management Center Arbitrary File Upload
Posted Mar 26, 2013
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits a code execution flaw in HP Intelligent Management Center. The vulnerability exists in the mibFileUpload which is accepting unauthenticated file uploads and handling zip contents in a insecure way. Combining both weaknesses a remote attacker can accomplish arbitrary file upload. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.

tags | exploit, remote, arbitrary, code execution, file upload
systems | windows
advisories | CVE-2012-5201, OSVDB-91026
SHA-256 | 079cdacb84dcb53ea2b286f73c46ecd3048ca724d4b7282c111b8be7672a2194
XML Security Library 1.2.19
Posted Mar 26, 2013
Site aleksey.com

XML Security Library is a C library based on LibXML2. It provides an implementation for major XML security standards: XML Digital Signature and XML Encryption.

Changes: This release adds support for DSA-SHA256, ECDSA-SHA1, ECDSA-SHA224, ECDSA-SHA256, ECDSA-SHA384, and ECDSA-SHA512, and fixes a number of miscellaneous bugs.
tags | library
systems | unix
SHA-256 | 2fc8f7c9fadb0f6c565bf304de798a875fc719005c20169f8e88028b20c8aac0
Ubuntu Security Notice USN-1780-1
Posted Mar 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1780-1 - Ben Murphy discovered that the Ruby REXML library incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of memory, resulting in a denial of service.

tags | advisory, denial of service, ruby
systems | linux, ubuntu
advisories | CVE-2013-1821
SHA-256 | c6dc7d6236b591435b374ba598fdfef6655065b7422004c2048c7595f92c7408
Red Hat Security Advisory 2013-0683-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0683-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. All users of axis are advised to upgrade to these updated packages, which correct this issue. Applications using Apache Axis must be restarted for this update to take effect.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5784
SHA-256 | 3628c67c09cb1d58f378fc54ee8bc4d98a205cf03c0b2e687a9e28c81488c349
Red Hat Security Advisory 2013-0682-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0682-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | d95bccd1b9e62a77af7540f0ceeac91fe2a96dd55a2b42d972613b36e2125610
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close