what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 31 of 31 RSS Feed

Files Date: 2013-04-10 to 2013-04-11

Red Hat Security Advisory 2013-0729-01
Posted Apr 10, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0729-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP requests. A remote attacker could send pipelined HTTP requests that would cause HAProxy to crash or, potentially, execute arbitrary code with the privileges of the user running HAProxy. This issue only affected systems using all of the following combined configuration options: HTTP keep alive enabled, HTTP keywords in TCP inspection rules, and request appending rules.

tags | advisory, remote, web, overflow, arbitrary, tcp
systems | linux, redhat
advisories | CVE-2013-1912
SHA-256 | 41854353e6a0e4c5359c5ebbe5184c2f1dad84beadf5a5ac0c893ee8df873595
Red Hat Security Advisory 2013-0726-01
Posted Apr 10, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0726-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for JBoss Enterprise SOA Platform 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | a68e1234ef1b2374b1f2e977776d08ef9f9328b8506c929c71880d859d644c31
Mandriva Linux Security Advisory 2013-082
Posted Apr 10, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-082 - An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP's GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP. fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service via a malformed XTENSION header of a.fit file, as demonstrated using a long string.GIMP 2.8.2 and earlier is vulnerable to memory corruption when reading XWD files, which could lead even to arbitrary code execution. Additionally it fixes partial translations in several languages. This gimp update provides the stable maintenance release 2.8.2 which fixes the above security issues.

tags | advisory, remote, denial of service, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-3481, CVE-2012-3403, CVE-2012-3236, CVE-2012-5576
SHA-256 | 5eaae2aec299f35149b65e15fa71b0de901e1c8a4e1982ea1ee6034c3c19b62e
Adobe ColdFusion APSB13-03 Command Execution
Posted Apr 10, 2013
Authored by Jon Hart | Site metasploit.com

This Metasploit module exploits a pile of vulnerabilities in Adobe ColdFusion APSB13-03 including arbitrary command execution in scheduleedit.cfm (9.x only), directory traversal, and authentication bypass issues.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2013-0625, CVE-2013-0629, CVE-2013-0631, CVE-2013-0632
SHA-256 | fc81458d632a151d75dbee734ef554512dc7bbdc7f0bfbae5d6c44fcafa675bf
Sysax Multi Server 6.10 SSH Denial Of Service
Posted Apr 10, 2013
Authored by Matt Andreko

Sysax Multi Server version 6.10 suffers from an SSH denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 50cbbd9b67f7808e61c6265a8082071e7d09c673279aac4a56165ac92bd9fc96
WordPress Spiffy XSPF Player 0.1 SQL Injection
Posted Apr 10, 2013
Authored by Ashiyane Digital Security Team, Amirh03in

WordPress Spiffy XSPF Player third party plugin version 0.1 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | a3597f51aeac54bbb4fee719e49631114cfa5a22f8b62d1e4785cfcd18eedb2c
Page 2 of 2
Back12Next

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    21 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close