Showing 76 - 100 of 435

Files Date: 2013-03-01 to 2013-03-31

XML Security Library 1.2.19
Posted Mar 26, 2013
Site aleksey.com

XML Security Library is a C library based on LibXML2. It provides an implementation for major XML security standards: XML Digital Signature and XML Encryption.

Changes: This release adds support for DSA-SHA256, ECDSA-SHA1, ECDSA-SHA224, ECDSA-SHA256, ECDSA-SHA384, and ECDSA-SHA512, and fixes a number of miscellaneous bugs.
tags | library
systems | unix
SHA-256 | 2fc8f7c9fadb0f6c565bf304de798a875fc719005c20169f8e88028b20c8aac0
Ubuntu Security Notice USN-1780-1
Posted Mar 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1780-1 - Ben Murphy discovered that the Ruby REXML library incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of memory, resulting in a denial of service.

tags | advisory, denial of service, ruby
systems | linux, ubuntu
advisories | CVE-2013-1821
SHA-256 | c6dc7d6236b591435b374ba598fdfef6655065b7422004c2048c7595f92c7408
Red Hat Security Advisory 2013-0683-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0683-01 - Apache Axis is an implementation of SOAP. It can be used to build both web service clients and servers. Apache Axis did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. All users of axis are advised to upgrade to these updated packages, which correct this issue. Applications using Apache Axis must be restarted for this update to take effect.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5784
SHA-256 | 3628c67c09cb1d58f378fc54ee8bc4d98a205cf03c0b2e687a9e28c81488c349
Red Hat Security Advisory 2013-0682-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0682-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | d95bccd1b9e62a77af7540f0ceeac91fe2a96dd55a2b42d972613b36e2125610
Red Hat Security Advisory 2013-0681-01
Posted Mar 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0681-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | 32357ad3c21abbde9aeddcd05fca1be975960a8cba6312d5deb4800bbee711a2
Red Hat Security Advisory 2013-0680-01
Posted Mar 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0680-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | 2dd2db97370c098a4f39f5dc56456545d352223c7fde8c6bcf1f9878474aab13
Red Hat Security Advisory 2013-0679-01
Posted Mar 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0679-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | 9cd819992de5ae233e4a9109208d7923df8497bb312ffc625e5b504206be0ef7
LinkedIn Investors Cross Site Scripting
Posted Mar 25, 2013
Authored by Eduardo Garcia Melia

The LinkedIn Investors site suffered from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 20cf335eff36b02cd7cdf733bd516815daeadfdbe43552c66b7dc93b741b649a
LinkedIn Cross Site Request Forgery
Posted Mar 25, 2013
Authored by Vicente Aguilera Diaz

LinkedIn suffers from a cross site request forgery vulnerability in the "Add Connections" invitation functionality.

tags | exploit, csrf
SHA-256 | c5b139a72bbd7b02ada9279c197de33ad532f99e9aef4a08b3dc7dd686b75a16
Slackware Security Advisory - php Updates
Posted Mar 25, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2013-1635,CVE-2013-1643.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2013-1635, CVE-2013-1643
SHA-256 | e481a7708968f1a52826eb94e8afaae71ad3b4113b2142ef2c738d536aedb1ad
LiquidXML Studio 2012 Active-X File Creation
Posted Mar 25, 2013
Authored by Dr_IDE

LiquidXML Studio 2012 active-x insecure method executable file creation exploit.

tags | exploit, activex
SHA-256 | 6229e6a4ed53e4f7fa659d84fce3e63cba583a5308f9dd12b2ecceb5f4d277b4
LiquidXML Studio 2010 Active-X File Creation
Posted Mar 25, 2013
Authored by Dr_IDE

LiquidXML Studio 2010 active-x insecure method executable file creation exploit.

tags | exploit, activex
SHA-256 | d7802fe8f8971ac958b1ceae16b3c8417f9ad33014ba900fd85193453802609e
Mitsubishi MX Component Active-X Code Execution
Posted Mar 25, 2013
Authored by Dr_IDE

Mitsubishi MX Component version 3 remote exploit that binds a shell to port 5500.

tags | exploit, remote, shell, activex
SHA-256 | f9719948c2c98d6b095ce092b25be702eceda9fb377c0bb7f0b7c81a29f57509
Mobius Forensic Toolkit 0.5.17
Posted Mar 25, 2013
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: This release adds support for physical device's datasources. Minor improvements were made. Bugs were fixed.
tags | tool, python, forensics
systems | unix
SHA-256 | 96572d815cb2a391c7c15a03fc0240366cd4997c4e93649fa5658abd9bbe344c
WordPress Mathjax Latex 1.1 Cross Site Request Forgery
Posted Mar 25, 2013
Authored by Junaid Hussain

WordPress Mathjax Latex version 1.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | eef9fe57923060a3364f12106f5449c6b6f9790fc30d849f3f71887ff567f95a
Ubuntu Security Notice USN-1779-1
Posted Mar 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1779-1 - It was discovered that GNOME Online Accounts did not properly check SSL certificates when configuring online accounts. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise credentials and confidential information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-0240, CVE-2013-1799
SHA-256 | adbacb28c661e86390c76fd91c4d6379200052be7d4fa1b8d22419c32c854f3f
Ubuntu Security Notice USN-1732-3
Posted Mar 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1732-3 - USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 was reverted in USN-1732-2 because of a regression. This update restores the security fix, and includes an extra fix from upstream to address the AES-NI regression. Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2012-2686, CVE-2013-0169
SHA-256 | 714d0b8055324fad3bfe313fe9719e788dc74886687fb2bdee9de630373218b6
WP Banners Lite 1.40 Cross Site Scripting
Posted Mar 25, 2013
Authored by Zerial

WordPress Banners Lite third party plugin versions 1.40, 1.31, and 1.29 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f84aab438dea368c84895e35221d0f2a92675a6dd8c837c8c8ab87b3b72b0d98
360-FAAR Firewall Analysis Audit And Repair 0.4.0
Posted Mar 25, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command-line Perl policy manipulation tool that can filter policies, compare them to logs, merge and translate them, and output firewall commands for new policies as Check Point dbedit or ScreenOS commands.

Changes: This release changes the command line options and permits you to process as many configs as you choose. All code has been refactored into subroutines. Three new modes have been added: 'load' mode allows you to load new config bundles into an already running instance of 360-FAAR, 'copylog' mode associates a log file from one config with another loaded or new config, 'help' mode prints info about all of the other modes. Undefined warnings have been resolved when using CTRL-C to exit the user loop.
tags | tool, perl
systems | unix
SHA-256 | 41bfa76a0f30836f748df3bae1e6d18768164aff324a3ee88f2b0fac668f3430
Rosewill RSVA11001 Remote Code Execution
Posted Mar 25, 2013
Authored by Eric Urban

Rosewill RSVA11001 Hi3515 suffers from a remote command execution vulnerability due to feeding unsanitized user-supplied data to ntpdate.

tags | exploit, remote
SHA-256 | 80805c21f51ff3a27c9541a62622f652aef81a570b3ef82ba5fd1f2de36392f3
Ra1NX PHP Bot Authentication Bypass Remote Code Execution
Posted Mar 25, 2013
Authored by bwall | Site metasploit.com

This Metasploit module allows remote command execution on the PHP IRC bot Ra1NX by using the public call feature in private message to covertly bypass the authentication system.

tags | exploit, remote, php
SHA-256 | 0ca2edc3146081af6b7cfa1d1b095743c8a69ad6f34856249388fa89e835a862
Innovative Web Ideas SQL Injection
Posted Mar 25, 2013
Authored by Ashiyane Digital Security Team

Sites designed by Innovate Web Ideas suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, web, vulnerability, sql injection
SHA-256 | bf6fc35b391a94b2b16e5590b8c4c0d5f07fb050c944de0910f7590851baf3ee
IconCool MP3 WAV Converter 3.00 Build 120518 Buffer Overflow
Posted Mar 25, 2013
Authored by G0li47h

IconCool MP3 WAV Converter version 300 build 120518 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | d3641b585f54cc9b0731daf5e96fa4214b50373efc2ae5123d82ea0503497eee
WordPress Finalist SQL Injection
Posted Mar 25, 2013
Authored by Ashiyane Digital Security Team

WordPress Finalist third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | de24cb85c27e3140bfb6cb282c818c326e61dc11a2adec14efb28b613e4b6d5a
WordPress Level Four Storefront SQL Injection
Posted Mar 25, 2013
Authored by Ashiyane Digital Security Team

WordPress Level Four Storefront third party plugin version 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 2793e0426823c0d4d1943351bb6e17f5cc58a108b2a54e19c3b5dff67efbd20e