
Files Date: 2013-03-28 to 2013-03-29

Ubuntu Security Notice USN-1782-1
Posted Mar 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1782-1 - It was discovered that libxml2 incorrectly handled XML entity expansion. An attacker could use this flaw to cause libxml2 to consume large amounts of resources, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-0338
SHA-256 | 8016649df7936a08004b2ecb225d08e87a24eada7f4d4e8cc369501b71865951
Java CMM Remote Code Execution
Posted Mar 28, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the Java warning in order to run the malicious applet.

tags | exploit, java, arbitrary
systems | windows
advisories | CVE-2013-1493, OSVDB-90737
SHA-256 | 257e7dc02cc758e02ddfc07622def557b152de2354df0f2e8e6ddd5a95045d43
v0pCr3w Web Shell Remote Code Execution
Posted Mar 28, 2013
Authored by bwall | Site metasploit.com

This Metasploit module exploits a lack of authentication in the shell developed by v0pCr3w, which is widely reused in automated RFI payloads. This Metasploit module takes advantage of the shell's various methods to execute commands.

tags | exploit, shell
SHA-256 | c98b44143d435c087fc71dd51541d105f13f0b99cdf31def59cce893a060e474
Asterisk Project Security Advisory - AST-2013-003
Posted Mar 28, 2013
Authored by Kinsey Moore | Site asterisk.org

Asterisk Project Security Advisory - When authenticating via SIP with alwaysauthreject enabled, allowguest disabled, and autocreatepeer disabled, Asterisk discloses whether a user exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

tags | advisory
advisories | CVE-2013-2264
SHA-256 | 7ce9d396f6a8843def45150840621abd66a61195ea9967e14e7c6392d62f7a27
Cisco Security Advisory 20130327-rsvp
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Resource Reservation Protocol (RSVP) feature in Cisco IOS Software and Cisco IOS XE Software contains a vulnerability when used on a device that has Multiprotocol Label Switching with Traffic Engineering (MPLS-TE) enabled. Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a reload of the affected device. Repeated exploitation could result in a sustained denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco, osx
SHA-256 | 6c8d5ab39e1579248c235ac0fb6d130f03287e1bfe1c2113cc6a6081582b9a36
Drupal Common Wikis 7.x Access Bypass / Privilege Escalation
Posted Mar 28, 2013
Authored by Ezra Barnett Gildesgame, Joseph Pontani, Jakob Perry | Site drupal.org

Drupal Common Wikis third party module version 7.x suffers from access bypass and privilege escalation vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 0ead0c1b6461de562721b99bba7a816c5c188b5649caf9a8533d5386639df1ea
EMC Smarts Product Cross Site Scripting
Posted Mar 28, 2013
Site emc.com

EMC Smarts Product versions prior to 9.2 contain a cross site scripting vulnerability that could potentially be exploited by malicious users.

tags | advisory, xss
advisories | CVE-2013-0936
SHA-256 | 883d4810ac2c6054019ce2ac8a31a3711e9315ccc3a0dc8dd3c1d89e8cf6b06d
Asterisk Project Security Advisory - AST-2013-002
Posted Mar 28, 2013
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - AST-2012-014, fixed in January of this year, contained a fix for Asterisk's HTTP server since it was susceptible to a remotely-triggered crash. The fix put in place fixed the possibility for the crash to be triggered, but a possible denial of service still exists if an attacker sends one or more HTTP POST requests with very large Content-Length values.

tags | advisory, web, denial of service
advisories | CVE-2013-2686
SHA-256 | 7a1b07b00aaec1a54c4a018a3363c0392f9374f44ef12df07d9140f78bd6c056
Cisco Security Advisory 20130327-ike
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Internet Key Exchange (IKE) feature contains a denial of service (DoS) vulnerability. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, denial of service
systems | cisco
SHA-256 | f65bd4e39e183642a6d2572c9a108eb5574fee859a6831d2e4f41be3dc70ee7e
Drupal Common Groups 7.x Access Bypass / Privilege Escalation
Posted Mar 28, 2013
Authored by Ezra Barnett Gildesgame, Joseph Pontani, Jakob Perry | Site drupal.org

Drupal Common Groups third party module version 7.x suffers from access bypass and privilege escalation vulnerabilities.

tags | advisory, vulnerability
SHA-256 | f669c1b9745c7be65686fd69d8357c49ea773ce0b1124fee20ef6d5c5668bc43
Cisco Security Advisory 20130327-nat
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the virtual routing and forwarding (VRF) aware network address translation (NAT) feature contains a vulnerability when translating IP packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | d8a9ebcc5bcdbb846ebb55212f513487470545447c60d9e5baa8b680cb2e36b9
Asterisk Project Security Advisory - AST-2013-001
Posted Mar 28, 2013
Authored by Jonathan Rose | Site asterisk.org

Asterisk Project Security Advisory - The format attribute resource for h264 video performs an unsafe read against a media attribute when parsing the SDP. The vulnerable parameter can be received as strings of an arbitrary length and Asterisk attempts to read them into limited buffer spaces without applying a limit to the number of characters read. If a message is formed improperly, this could lead to an attacker being able to execute arbitrary code remotely.

tags | advisory, arbitrary
advisories | CVE-2013-2685
SHA-256 | 6dbcc321fa05a34d90ae2594f9ee9d1f4e3a55fa0610c69189ee26ee7c7e8f70
Drupal Rules 7.x Cross Site Scripting
Posted Mar 28, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Rules third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | f2f8ca4e2b4ae29b0c45ac10b1bad3aa48a53157f2aaec80b06f22bcc52c9cd0
BlazeDVD Free Edition 6.1.1.6 Buffer Overflow
Posted Mar 28, 2013
Authored by metacom

BlazeDVD Free Edition version 6.1.1.6 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | bdbc3385b746b6b0cb6e4960656a9e6c260df28173c52e32937cf108929fe845
Cisco Security Advisory 20130327-smartinstall
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Affected devices that are configured as Smart Install clients are vulnerable. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that have the Smart Install client feature enabled.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | 42356950e1cc56926e25264368f0756b639d7b291d5d8fd340c0a7946bc690e8
Drupal Zero Point 7.x Cross Site Scripting
Posted Mar 28, 2013
Authored by Dennis Walgaard | Site drupal.org

Drupal Zero Point third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 37b56deaef01f5ce524a97748fc68d4f269a0f41f3264e6e15807a3c27e9942b
Cisco Security Advisory 20130327-pt
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software Protocol Translation (PT) feature contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 7bfd2bd455cd5f6b92d91689d93812aab9c993e272761cdfb6ba0d2c3bf6c303
Red Hat Security Advisory 2013-0687-01
Posted Mar 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0687-01 - Pixman is a pixel manipulation library for the X Window System and Cairo. An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All applications using pixman must be restarted for this update to take effect.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2013-1591
SHA-256 | a3774347ea45c3c7ae68e1074b90367573297995db1225f26b9651f2ad1564ed
Cisco Security Advisory 20130327-ipsla
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software implementation of the IP Service Level Agreement (IP SLA) feature contains a vulnerability in the validation of IP SLA packets that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability. Mitigations for this vulnerability are available.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | 4162210f7ba691ed071fdc74e025a5bdfb0887df0caea4092a5359e11414c57b
Cisco Security Advisory 20130327-cce
Posted Mar 28, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of services. Only devices that are configured for SIP inspection are affected by this vulnerability. Cisco has released free software updates that address this vulnerability. There are no workarounds for devices that must run SIP inspection.

tags | advisory, protocol, memory leak
systems | cisco
SHA-256 | 8311d0cd7dd53190ebee1eb5be28570c0c0e1924521c952b8fe0af8712142057
HP Security Bulletin HPSBST02848 SSRT101112
Posted Mar 28, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02848 SSRT101112 - A potential security vulnerability has been identified with HP XP P9000 Command View Advanced Edition Suite products including HP P9000 Command View Advanced Edition Software (DevMgr), HP XP Provisioning Manager Software (ProvMgr), HP P9000 Replication Manager Software (RepMgr), and HP P9000 Tiered Storage Manager Software (TSMgr). The vulnerability could be remotely exploited resulting in a disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2012-0053
SHA-256 | 5a5dcb7601ecc8493e08966dbb1d863b2d8e50c35ab09c95d4634bbc73448fcf
Slackware Security Advisory - bind Updates
Posted Mar 28, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2266.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-2266
SHA-256 | a993d939b799c47a47bff241e1f49b6b00f251765344dc7c88ca3e0f7c959802

packet storm

© 2022 Packet Storm. All rights reserved.
