Twenty Year Anniversary
Showing 51 - 75 of 425 RSS Feed

Files Date: 2013-04-01 to 2013-04-30

Red Hat Security Advisory 2013-0770-01
Posted Apr 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0770-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption. Multiple improper permission check issues were discovered in the Beans, Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431
MD5 | 3d6022d62cc62f5ebc2e6215e3207d66
Cisco Security Advisory 20130424-fmdm
Posted Apr 24, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Device Manager contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands on a client host with the privileges of the user. This vulnerability affects Cisco Device Manager for the Cisco MDS 9000 Family and Cisco Nexus 5000 Series Switches when it is installed or launched via the Java Network Launch Protocol (JNLP) on a host running Microsoft Windows. Cisco Device Manager installed or launched from Cisco Prime Data Center Network Manager (DCNM) or Cisco Fabric Manager is not affected. This vulnerability can only be exploited if the JNLP file is executed on systems running Microsoft Windows. The vulnerability affects the confidentiality, integrity, and availability of the client host performing the installation or execution of Cisco Device Manager via JNLP file. There is no impact on the Cisco MDS 9000 Family or Cisco Nexus 5000 Series Switches. Cisco has released free software updates that address this vulnerability in the Cisco Device Manager for Cisco MDS 9000 Family Switches. Cisco Nexus 5000 Series Switches have discontinued the support of the Cisco Device Manager installation via JNLP and updates are not available. Workarounds that mitigate this vulnerability are available.

tags | advisory, java, remote, arbitrary, protocol
systems | cisco, windows
MD5 | 777bee516e6ae30b57cefd1a645c47a0
Red Hat Security Advisory 2013-0769-01
Posted Apr 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0769-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the Name Server Caching Daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.

tags | advisory
systems | linux, redhat, osx
advisories | CVE-2013-0242, CVE-2013-1914
MD5 | a1ea14576cb5a50317abe3fc0fa7840f
Cisco Linksys WRT310N 2.0.00 Denial Of Service
Posted Apr 24, 2013
Authored by Carl Benedict

Cisco Linksys WRT310N version 2.0.00 suffers from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
systems | cisco
MD5 | c3e934258a1e774852ae0a44ccf6d902
HP Security Bulletin HPSBHF02865 SSRT101158
Posted Apr 24, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF02865 SSRT101158 - A potential vulnerability has been identified with certain HP ElitePad tablet PCs. The secure boot feature of the BIOS may not be enabled, allowing alternate operating systems to be booted in contradiction with the BIOS configuration. Secure Boot is a feature that, when enabled, prevents the system firmware from booting to unauthorized boot loaders, option ROMs and operating systems that can run in the pre-boot environment. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2012-5218
MD5 | 011e81878aef3abaaf5e6c2247a7ca1e
Hornbill Supportworks ITSM 1.0.0 SQL Injection
Posted Apr 24, 2013
Authored by Joseph Sheridan | Site reactionpenetrationtesting.co.uk

Hornbill Supportworks ITSM version 1.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-2594
MD5 | a862138ccbce4d3ba11cb7a6b524031b
Mobius Forensic Toolkit 0.5.18
Posted Apr 23, 2013
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: This release features the new Gigatribe Agent extension, an extension to browse Gigatribe chat files. Five new registry reports have been added to the hive-report extension: Gigatribe accounts, Gigatribe download folders, Gigatribe requested passwords, Ares Search History, and Wifi Network List. Minor improvements and bugfixes have been made.
tags | tool, python, forensics
systems | unix
MD5 | 16f29a006cf092fd9b5426ea5dc9c89b
D-Link DIR-615 / DIR-300 XSS / CSRF / Command Injection / Insecure Crypto
Posted Apr 23, 2013
Authored by Michael Messner

D-Link DIR-615 and DIR-300 suffer from cross site request forgery, OS command injection, lack of cryptographic storage, header injection, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | a9f5fb973c1bc58c9310e6bc43519692
Clam AntiVirus Toolkit 0.97.8
Posted Apr 23, 2013
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: This release addresses several reported potential security bugs.
tags | tool, virus
systems | unix
MD5 | ac52bcbad3ea72eac08fedb9772f648b
Ubuntu Security Notice USN-1806-1
Posted Apr 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1806-1 - Ben Murphy discovered a vulnerability in the OpenJDK JRE related to information disclosure and data integrity. An attacker could exploit this to execute arbitrary code. James Forshaw discovered a vulnerability in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit this to execute arbitrary code. Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2013-0401, CVE-2013-1488, CVE-2013-2383, CVE-2013-2384, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436, CVE-2013-2423, CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422
MD5 | 687359434c6fa811372f354ba5624274
Ubuntu Security Notice USN-1804-2
Posted Apr 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1804-2 - USN-1804-1 fixed vulnerabilities in IcedTea-Web. This update introduced a regression with the Java Network Launching Protocol (JNLP) when fetching content over SSL under certain configurations, such as when using the community-supported IcedTead 7 browser plugin. This update fixes the problem. Various other issues were also addressed.

tags | advisory, java, web, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2013-1926, CVE-2013-1927
MD5 | e2f46d6aaa039dcfca3c638bd7bc3899
Microsoft Security Bulletin Re-Release For April, 2013
Posted Apr 23, 2013
Site microsoft.com

This bulletin summary lists two re-released Microsoft security bulletins for April, 2013.

tags | advisory
MD5 | 900f8c5bdcf4d131dcc6c3e9255af61f
Red Hat Security Advisory 2013-0744-01
Posted Apr 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0744-01 - Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. A buffer overflow flaw was found in the way UTF-8 characters were converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's FAT file system implementation. A local user able to mount a FAT file system with the "utf8=1" option could use this flaw to crash the system or, potentially, to escalate their privileges.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2012-6537, CVE-2012-6546, CVE-2012-6547, CVE-2013-0349, CVE-2013-0913, CVE-2013-1767, CVE-2013-1773, CVE-2013-1774, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1826, CVE-2013-1827
MD5 | 861bf7771bcdc61200bc5921ce8c9555
SMF 2.0.4 PHP Code Injection
Posted Apr 23, 2013
Authored by Jakub Galczyk

SMF version 2.0.4 suffers from a remote PHP code injection vulnerability.

tags | exploit, remote, php
MD5 | b7a6bd4828ab4a0c48c32f53e27c6089
Janissaries Joomla Fingerprint Tool
Posted Apr 23, 2013
Authored by miyachung

This php script fingerprints a given Joomla system and then uses Packet Storm's archive to check for bugs related to the installed components.

tags | tool, scanner, php
systems | unix
MD5 | 03c9376b03602051ae3da8fec59dd373
Iframe URI Phishing
Posted Apr 23, 2013
Authored by G2

This is a brief tutorial that discusses obfuscation techniques used by phishers.

tags | paper
MD5 | 4195784dcfb2b2f2eaacc419cdd7220a
Java Applet Reflection Type Confusion Remote Code Execution
Posted Apr 23, 2013
Authored by juan vazquez, Jeroen Frijters | Site metasploit.com

This Metasploit module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit doesn't bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.

tags | exploit, java
MD5 | 6c04b95db62a885c8d3ed42f40b5db1e
Debian Security Advisory 2663-1
Posted Apr 23, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2663-1 - Martin Schobert discovered a stack-based vulnerability in tinc, a virtual private network daemon.

tags | advisory
systems | linux, debian
advisories | CVE-2013-1428
MD5 | 7a194091d4096a75e0145168bbdf85d7
Mandriva Linux Security Advisory 2013-149
Posted Apr 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-149 - A local file inclusion flaw was found in the way RoundCube Webmail, a browser-based multilingual IMAP client, performed validation of the 'generic_message_footer' value provided via web user interface in certain circumstances. A remote attacker could issue a specially-crafted request that, when processed by RoundCube Webmail could allow an attacker to obtain arbitrary file on the system, accessible with the privileges of the user running RoundCube Webmail client. The updated packages have been upgraded to the 0.8.6 version which is not affected by this issue.

tags | advisory, remote, web, arbitrary, local, imap, file inclusion
systems | linux, mandriva
advisories | CVE-2013-1904
MD5 | c7f0400afeb765644a7f78afa2c7f845
Red Hat Security Advisory 2013-0746-01
Posted Apr 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0746-01 - An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level.

tags | advisory, arbitrary, kernel
systems | linux, redhat
advisories | CVE-2013-1591, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798
MD5 | bcb64333f0113760311cb42355f626f6
Red Hat Security Advisory 2013-0763-01
Posted Apr 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0763-01 - The JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. This release of JBoss Web Framework Kit 2.2.0 serves as a replacement for JBoss Web Framework Kit 2.1.0. It includes various bug fixes and enhancements which are detailed in the JBoss Web Framework Kit 2.2.0 Release Notes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2009-2625, CVE-2012-5783
MD5 | df4205a95bae4fb88aa6f8480a42fea2
Mandriva Linux Security Advisory 2013-150
Posted Apr 22, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-150 - Multiple unspecified vulnerabilities have been found and corrected in mysql. The updated packages provides the latest supported mysql version from the 5.1.x branch (5.1.69).

tags | advisory, vulnerability
systems | linux, mandriva
MD5 | 3c2d92e29d1dbf936dcb4e8871eff5a3
Mandriva Linux Security Advisory 2013-148
Posted Apr 22, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-148 - Cross-site scripting vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. A local file inclusion flaw was found in the way RoundCube Webmail, a browser-based multilingual IMAP client, performed validation of the 'generic_message_footer' value provided via web user interface in certain circumstances. A remote attacker could issue a specially-crafted request that, when processed by RoundCube Webmail could allow an attacker to obtain arbitrary file on the system, accessible with the privileges of the user running RoundCube Webmail client. The updated packages have been patched and upgraded to the 0.7.4 version which is not affected by these issues.

tags | advisory, remote, web, arbitrary, local, imap, xss, file inclusion
systems | linux, mandriva
advisories | CVE-2013-1904, CVE-2012-4668
MD5 | 387c1203ce4fdddbfa5536e61f101846
Tinc Virtual Private Network Daemon 1.0.21
Posted Apr 22, 2013
Authored by Ivo Timmermans | Site tinc-vpn.org

tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between multiple hosts on the Internet. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information.

Changes: This release lets tinc drop packets that are forwarded via TCP if they are too big.
tags | tool, encryption
systems | unix
advisories | CVE-2013-1428
MD5 | d7bc9ca38672c9da08d74ff2a3e8e36d
pyClamd 0.3.3
Posted Apr 22, 2013
Authored by Alexandre Norman | Site xael.org

pyClamd is a python interface to Clamd (Clamav daemon). By using pyClamd, you can add virus detection capabilities to your python software in an efficient and easy way. Instead of pyClamav which uses libclamav, pyClamd may be used by a closed source product.

Changes: This release fixes bugs with multiple scans at once and with non-Latin filenames. It also adds a compatibility layer with part of the 0.2 API.
tags | virus, python
systems | unix
MD5 | 8bdc4c493bd7fe39b01adf16d92e9694
Page 3 of 17
Back12345Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    2 Files
  • 23
    Sep 23rd
    2 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    22 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close