the original cloud security
Showing 26 - 50 of 342 RSS Feed

Files Date: 2013-05-01 to 2013-05-31

Red Hat Security Advisory 2013-0876-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0876-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-5575
MD5 | cffa120e5a63d36ea232916789a42ba7
Red Hat Security Advisory 2013-0872-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0872-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat5 and tomcat6 init scripts handled the tomcat5-initd.log and tomcat6-initd.log log files. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. Note: With this update, tomcat5-initd.log and tomcat6-initd.log have been moved to the /var/log/ directory.

tags | advisory, java, web, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-1976
MD5 | ed94598d55938f4170e41c47228913f2
Red Hat Security Advisory 2013-0873-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0873-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-5575
MD5 | f3d0f9f6dd7593ba1360b0589ea65e34
Red Hat Security Advisory 2013-0871-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. A flaw was found in the way the tomcat6 and tomcat7 init scripts handled the tomcat6-initd.log and tomcat7-initd.log log files. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root.

tags | advisory, java, web, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-1976
MD5 | d15de7988e95de7b9f89e951ce09a912
Red Hat Security Advisory 2013-0875-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0875-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-5575
MD5 | c4858f10841b3bb735498d225b9fb01e
Red Hat Security Advisory 2013-0874-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0874-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2012-5575
MD5 | 7ca9909f79f524a3a96701f9bdf9bc1d
Red Hat Security Advisory 2013-0870-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0870-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat5 init script handled the catalina.out log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. Note: With this update, /var/log/tomcat5/catalina.out has been moved to the /var/log/tomcat5-initd.log file.

tags | advisory, java, web, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-1976
MD5 | 89fdaf3a30c5e70aed2aff4dfe370a08
Red Hat Security Advisory 2013-0868-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0868-01 - HAProxy provides high availability, load balancing, and proxying for TCP and HTTP-based applications. A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP requests. A remote attacker could send pipelined HTTP requests that would cause HAProxy to crash or, potentially, execute arbitrary code with the privileges of the user running HAProxy. This issue only affected systems using all of the following combined configuration options: HTTP keep alive enabled, HTTP keywords in TCP inspection rules, and request appending rules.

tags | advisory, remote, web, overflow, arbitrary, tcp
systems | linux, redhat
advisories | CVE-2013-1912
MD5 | e33f34f364f4c40cedf4ade31598b1fd
Red Hat Security Advisory 2013-0869-01
Posted May 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0869-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A flaw was found in the way the tomcat6 init script handled the tomcat6-initd.log log file. A malicious web application deployed on Tomcat could use this flaw to perform a symbolic link attack to change the ownership of an arbitrary system file to that of the tomcat user, allowing them to escalate their privileges to root. Note: With this update, tomcat6-initd.log has been moved from /var/log/tomcat6/ to the /var/log/ directory.

tags | advisory, java, web, arbitrary, root
systems | linux, redhat
advisories | CVE-2013-1976, CVE-2013-2051
MD5 | 0e0ede29acd730c0034bc393bbeeb840
Ubuntu Security Notice USN-1841-1
Posted May 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1841-1 - It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. It was discovered that Tomcat incorrectly handled certain authentication requests. A remote attacker could possibly use this flaw to inject a request that would get executed with a victim's credentials. This issue only affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 12.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-3544, CVE-2013-2067, CVE-2013-2071, CVE-2012-3544, CVE-2013-2067, CVE-2013-2071
MD5 | 01f2a6f6096be9454c3ac2d6c009cba2
SIEMENS Solid Edge ST4 SEListCtrlX Code Execution
Posted May 28, 2013
Authored by rgod | Site retrogod.altervista.org

SIEMENS Solid Edge ST4 SEListCtrlX active-x control SetItemReadOnly suffers from an arbitrary memory rewrite remote code execution vulnerability. Proof of concept included.

tags | exploit, remote, arbitrary, code execution, activex, proof of concept
systems | linux
MD5 | a118dcd112785d12a39adf1ac5528e02
MayGion IP Camera Path Traversal / Buffer Overflow
Posted May 28, 2013
Authored by Core Security Technologies | Site coresecurity.com

Core Security Technologies Advisory - MayGion IP cameras suffer from path traversal and buffer overflow vulnerabilities.

tags | exploit, overflow, vulnerability
advisories | CVE-2013-1604, CVE-2013-1605
MD5 | f611d0febd66099704178b71f51b7e29
IBM SPSS SamplePower C1Tab ActiveX Heap Overflow
Posted May 28, 2013
Authored by Alexander Gavrun, juan vazquez | Site metasploit.com

This Metasploit module exploits a heap based buffer overflow in the C1Tab ActiveX control, while handling the TabCaption property. The affected control can be found in the c1sizer.ocx component as included with IBM SPSS SamplePower 3.0. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1.

tags | exploit, overflow, activex
systems | windows, xp, 7
advisories | CVE-2012-5946, OSVDB-92845
MD5 | ce698c98303b4f1491ee2e51696534d3
Debian Security Advisory 2694-1
Posted May 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2694-1 - A privilege escalation vulnerability has been found in SPIP, a website engine for publishing, which allows anyone to take control of the website.

tags | advisory
systems | linux, debian
MD5 | d8c43abbdc5cefb95ce15a3369a75e41
Ubuntu Security Notice USN-1839-1
Posted May 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1839-1 - A flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system. Andy Lutomirski discover an error in the Linux kernel's credential handling on unix sockets. A local user could exploit this flaw to gain administrative privileges. A buffer overflow vulnerability was discovered in the Broadcom tg3 ethernet driver for the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash the system) or potentially escalate privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2013-2094, CVE-2013-1979, CVE-2013-1929, CVE-2013-3301, CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-3301
MD5 | 619de0c64a74e0f5e95eae9dc51d28b6
Mandriva Linux Security Advisory 2013-168
Posted May 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-168 - httplib2 only validates SSL certificates on the first request to a connection, and doesn't report validation failures on subsequent requests.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-2037
MD5 | a9b8603d36422ded046143f509967224
Debian Security Advisory 2675-2
Posted May 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2675-2 - A regression was discovered in the security update for libxvmc, causing segfaults with some applications. Updated packages are available to address this problem. For reference, the original advisory text follows.

tags | advisory
systems | linux, debian
advisories | CVE-2013-1990, CVE-2013-1999
MD5 | eb778ea4389da124923cfee56b6b20e6
Mandriva Linux Security Advisory 2013-167
Posted May 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-167 - OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function. Plaintext recovery may be possible using a padding oracle attack on the CBC mode cipher implementation of the crypto library, optimistically at a rate of about one character per 3 hours. PolarSSL seems vulnerable to such an attack; the vulnerability of OpenSSL has not been verified or tested.

tags | advisory, udp, crypto
systems | linux, mandriva
advisories | CVE-2013-2061
MD5 | e4c96f81d7bca3fd718fb6c1f4d13cdc
Debian Security Advisory 2693-1
Posted May 28, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2693-1 - Ilja van Sprundel of IOActive discovered several security issues in multiple components of the X.org graphics stack and the related conversions, buffer overflows, memory corruption and missing input sanitising may lead to privilege escalation or denial of service.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2013-1981, CVE-2013-1997, CVE-2013-2004
MD5 | 7db3dd6da115f2e9f7e855841f3ae6ca
aidSQL SQL Injection Detection And Exploitation Tool 20130527
Posted May 28, 2013
Authored by Federico Stange | Site code.google.com

aidSQL SQL injection detection and exploitation tool is a modular PHP scanner that allows you to develop your own plugins for use.

Changes: This version improves --interactive mode and adds MS SQL SERVER 2000 injection and reverse engineer support.
tags | tool, scanner, php, sql injection
systems | linux, unix
MD5 | 65f15e7ccff855576a15708deb7869d9
Apache Struts 2 XSS / Command Execution
Posted May 28, 2013
Authored by Rene Gielen | Site struts.apache.org

Apache Struts has released version 2.3.14.2. This version addresses a security issue. A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks.

tags | advisory, remote, xss
advisories | CVE-2013-2115
MD5 | 6bd04cf2bc8a778fb11409bf324f5615
Barracuda SSL VPN 680 2.2.2.203 Open Redirect
Posted May 28, 2013
Authored by Chokri Ben Achor, Dave Farrow | Site vulnerability-lab.com

Barracuda SSL VPN 680 2.2.2.203 suffers from an open redirection vulnerability.

tags | exploit
MD5 | 92b9652ea5e66ccbc8052e5c1c8aa05c
Zavio IP Camera Command Injection / Bypass
Posted May 28, 2013
Authored by Core Security Technologies, Nahuel Riva, Francisco Falcon | Site coresecurity.com

Core Security Technologies Advisory - Zavio IP cameras based on firmware versions 1.6.03 and below suffer from bypass, hard-coded credential, and arbitrary command execution vulnerabilities.

tags | exploit, arbitrary, vulnerability
advisories | CVE-2013-2567, CVE-2013-2568, CVE-2013-2569, CVE-2013-2570
MD5 | 4034e4e1cb09253908be504ce863394f
Firewall Log Watch 1.4
Posted May 28, 2013
Authored by Boris Wesslowski | Site kyb.uni-stuttgart.de

fwlogwatch is a packet filter and firewall log analyzer with support for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/HP-UX/IRIX ipfilter, Cisco IOS, Cisco PIX/ASA, Netscreen, Elsa Lancom router, and Snort IDS log files. It can output its summaries in text and HTML and has a lot of options. fwlogwatch also features a realtime anomaly response capability with a Web interface.

Changes: This release adds IPv6 support for ipfilter and includes fixes for the netfilter parser and forward DNS resolution.
tags | tool, web, firewall
systems | cisco, linux, unix, solaris, irix, bsd, hpux, ios
MD5 | b76bad368ea311677dabb0618ec6c8cf
PayPal France SQL Injection
Posted May 28, 2013
Authored by Karim H.B. | Site vulnerability-lab.com

PayPal's France site suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 0915999ca83f319843c81a0f28decd6e
Page 2 of 14
Back12345Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close