
Files Date: 2013-05-01 to 2013-05-31

HP Security Bulletin HPSBPI02869 SSRT100936 2
Posted May 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI02869 SSRT100936 2 - A potential security vulnerability has been identified with HP LaserJet MFP printers, HP Color LaserJet MFP printers, and certain HP LaserJet printers. The vulnerability could be exploited remotely to gain unauthorized access to files. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2012-5221
SHA-256 | a9dca3c4825c47cafb0724eda81a516435346a85ffcf387d5a0d688c432d4542
Suricata IDPE 1.4.2
Posted May 30, 2013
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Several accuracy issues were fixed.
tags | tool, intrusion detection
systems | unix
SHA-256 | 0ed9bcae798b16c04479f383aac666e0fe08c910d554d64d85d2b36d2589f39a
Drupal Node Access User Reference 6.x / 7.x Access Bypass
Posted May 30, 2013
Authored by Jamie Wiseman | Site drupal.org

Drupal Node Access User Reference third party modules versions 6.x and 7.x suffer from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | 72f47a6a6e6973e3e39622ab4cf8126f6e774ec94630c12a495bf132fb669943
Maligno 0.6
Posted May 30, 2013
Authored by Juan J. Guelfo | Site encripto.no

Maligno is an open source penetration testing tool written in Python that serves Metasploit payloads. It generates shellcode with msfvenom and transmits it over HTTP or HTTPS. The shellcode is encrypted with AES and encoded with Base64 prior to transmission.

tags | tool, web, scanner, shellcode, python
systems | unix
SHA-256 | 31f2d0097dcb428cdfb4e14b20982cbccf4d799920eaa871858214dbddcd6c85
Drupal Edit Limit 7.x Access Bypass
Posted May 30, 2013
Authored by Morten Fangel | Site drupal.org

Drupal Edit Limit third party module version 7.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | d0b1f3c120e9f1a008b287af7cf39f84172469dc6999e6905fa78ed4ce37085d
Drupal Webform 6.x Cross Site Scripting
Posted May 30, 2013
Authored by Justin C. Klein Keane | Site drupal.org

Drupal Webform third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | fc0733d2cdfe52857e64d1f24c632b9b84ebd4e0e9019f5fa3d341a4c0fbbe16
Logic Print 2013 Stack Overflow
Posted May 30, 2013
Authored by h1ch4m

Logic Print 2013 suffers from a stack overflow vulnerability.

tags | exploit, overflow
SHA-256 | ba1216bc16af7f8d80b5c358f6e4541518b85fb4b8d3fc8150c331d6f1c6e2a1
Intrasrv Simple Web Server 1.0 Code Execution
Posted May 30, 2013
Authored by xis_one

Intrasrv Simple Web Server version 1.0 SEH based remote code execution exploit.

tags | exploit, remote, web, code execution
SHA-256 | 912fd073e0d783dd318697693b042acb7b403d1ca339837fcfa75c842e5512b8
ModSecurity Remote Null Pointer Dereference
Posted May 29, 2013
Authored by Younes JAAIDI

When ModSecurity receives a request body with a size bigger than the value set by the "SecRequestBodyInMemoryLimit" and with a "Content-Type" that has no request body processor mapped to it, ModSecurity will systematically crash on every call to "forceRequestBodyVariable" (in phase 1). This is the proof of concept exploit. Versions prior to 2.7.4 are affected.

tags | exploit, proof of concept
advisories | CVE-2013-2765
SHA-256 | b4e14816e4c5cdc0de651f2cc750a97fa531e3a0c488cb71922a3bc534259845
ZoneDirector User Authentication Bypass
Posted May 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered in ZoneDirector controllers during standard internal bug reporting procedures. This vulnerability may allow a malicious user to gain unauthorized access to the ZoneDirector administrative web interface.

tags | advisory, web, bypass
SHA-256 | 490680f010ed632a71b903374189cc43de53208be861742cff821a065866c2aa
Monkey HTTPD 1.1.1 Denial Of Service
Posted May 29, 2013
Authored by dougtko

Monkey HTTPD version 1.1.1 suffers from a denial of service vulnerability.

tags | exploit, denial of service
advisories | CVE-2013-3724
SHA-256 | 9f43c0d9a2bd9b380f9c63f0e17d6265c76af43e959168f66ca0eb9c22f6dac0
Debian Security Advisory 2695-1
Posted May 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2695-1 - Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected.

tags | advisory, web, vulnerability, xss
systems | linux, debian
advisories | CVE-2013-2837, CVE-2013-2838, CVE-2013-2839, CVE-2013-2840, CVE-2013-2841, CVE-2013-2842, CVE-2013-2843, CVE-2013-2844, CVE-2013-2845, CVE-2013-2846, CVE-2013-2847, CVE-2013-2848, CVE-2013-2849
SHA-256 | a1be0c732a451012a3ce3790491e07d11ec1d79c4b31ee3517a8f1106d62c7d6
Ubuntu Security Notice USN-1843-1
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1843-1 - It was discovered that GnuTLS incorrectly handled certain padding bytes. A remote attacker could use this flaw to cause an application using GnuTLS to crash, leading to a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2116
SHA-256 | bdf64ce78ce70768d1fe3ce67fda771767ed7e96de1d354350dab867eaaad7d3
Ruckus SSH Server Tunneling Issue
Posted May 29, 2013
Authored by Ruckus Product Security Team

A user authentication bypass vulnerability has been discovered during standard internal bug reporting procedures in some of the Ruckus devices. This vulnerability may permit an unauthenticated malicious user with network access to port 22 to tunnel random TCP traffic to other hosts on the network via Ruckus devices.

tags | advisory, tcp, bypass
SHA-256 | 3c7292de3b3be1ee12992e0ae63f056545cf432aee257c5c37c07bd209db55b4
RSA Authentication Manager 8.0 Injection / Disclosure
Posted May 29, 2013
Site emc.com

RSA Authentication Manager version 8.0 suffers from information disclosure and PostgreSQL argument injection vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2013-0947, CVE-2013-1899
SHA-256 | 51025b283bf7b06aa4e48a2045497a92ea112092445f55c38c3447b5bb77e3c5
Mandriva Linux Security Advisory 2013-169
Posted May 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-169 - A heap based buffer overflow vulnerability has been found with data that happens to be output on the READLINE address. Successful exploitation may allow an attacker to execute arbitrary code with the privileges of the socat process. Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been patched to correct these issues.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0219, CVE-2013-3571
SHA-256 | be1c65865610ffa4ea64d482af3d1506e85a734aee82c78be916717a870a7144
Debian Security Advisory 2696-1
Posted May 29, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2696-1 - A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets they are not permitted to see.

tags | advisory
systems | linux, debian
advisories | CVE-2013-3551
SHA-256 | 640ea9174e71b305a5f1b339da29ee15b1585728d406cc4960dddb989aadb1bf
Ubuntu Security Notice USN-1842-1
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1842-1 - It was discovered that KIO would sometimes display web authentication credentials under certain error conditions. If a user were tricked into opening a specially crafted web page, an attacker could potentially exploit this to expose confidential information.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2013-2074
SHA-256 | 5c9dfe86b629e13c70465ca13b50699af22a4c89469cb4a7e9f48576a2adb371
Mandriva Linux Security Advisory 2013-170
Posted May 29, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-170 - Under certain circumstances an FD leak occurs and can be misused for denial of service attacks against socat running in server mode. The updated packages have been upgraded to the latest version which is not vulnerable to this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2013-3571
SHA-256 | b6470f67993d2d22bc91e370c86c46404de158d07c1702819900e876709ab063
YeaLink IP Phone Firmware 9.70.0.100 Missing Authentication
Posted May 29, 2013
Authored by b0hr

YeaLink IP Phone firmware versions 9.70.0.100 and below suffer from an unauthenticated phone call vulnerability.

tags | exploit, bypass
SHA-256 | 22671d10a80df232f64150e4e78af6be36a8803fbdb6475a8eb01087172a3425
TP-LINK WR842ND Directory Traversal
Posted May 29, 2013
Authored by Adam Simuntis

TP-LINK WR842ND suffers from a remote directory traversal vulnerability.

tags | exploit, remote, file inclusion
SHA-256 | ac4197fdb577b1dab807bec29d445b9cd6d5ff28f301aaac5ea7915033dfc735
MIMEDefang Email Scanner 2.74
Posted May 29, 2013
Authored by Dianne Skoll | Site mimedefang.org

MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.

Changes: A new "action_add_entity" function allows you to add a pre-built MIME::Entity to the message. A new "load1" command shows the load in a more convenient format than the older "load" command. Additionally, "watch-multiple-mimedefangs.tcl" takes advantage of load1 to display load graphs in a more useful format. Finally, quite a few Perl deprecations, bugs, and documentation errors were fixed.
systems | windows, unix
SHA-256 | 8235ee04f4189bc07a3fe23cd8d28c1f794edd27430d87abbda4d3a71671592d
Security Notice For CA Process Automation (CA PAM)
Posted May 29, 2013
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies support is alerting customers to a vulnerability with CA Process Automation (CA PAM). The vulnerability occurs in the bundled JBoss Seam component. A remote attacker can execute arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2010-1871
SHA-256 | 2e54655588c25bdefe31a55c53e84ad769d4df7d8697929e133e8c471bd7394d
Ubuntu Security Notice USN-1831-2
Posted May 29, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1831-2 - USN-1831-1 fixed a vulnerability in OpenStack Nova. The upstream fix introduced a regression where instances using uncached QCOW2 images would fail to start. This update fixes the problem. Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
SHA-256 | a50ab4b4de6a17a5bf675ce2e2d8f1ac4f8d0e30adadd5f88dc4ecf39fa42552
TP-Link IP Camera Hardcoded Credentials / Command Injection
Posted May 28, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon | Site coresecurity.com

TP-Link IP cameras suffer from hard-coded credential and remote command execution vulnerabilities.

tags | exploit, remote, vulnerability
advisories | CVE-2013-2573, CVE-2013-2572
SHA-256 | d96b583866927f2f59a08545c251d956a2dfef2c6512197cefb588c1ac39997b
© 2022 Packet Storm. All rights reserved.