all things security

Files Date: 2013-07-08 to 2013-07-09

Oracle Java Applet Preloader Click-2-Play Warning Bypass
Posted Jul 8, 2013
Authored by Florent Hochwelker | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Oracle Java. The vulnerability is caused by a design error in the Java click-2-play security warning when the preloader is used, which can be exploited by remote attackers to load a malicious applet (e.g. taking advantage of a Java memory corruption vulnerability) without any user interaction. Oracle Java versions 7u21 and below are affected.

tags | advisory, java, remote
MD5 | f4df9287828dacad65f91618b96799fa

D-Link UPnP OS Command Injection
Posted Jul 8, 2013
Authored by Michael Messner

D-Link devices DIR-300 rev B, DIR-600 rev B, DIR-645, DIR-845, and DIR-865 suffer from a remote command injection vulnerability. The vulnerability is caused by missing input validation in different XML parameters.

tags | exploit, remote
MD5 | 040937f0946fe51e36ea8b0fa36d2275

Debian Security Advisory 2721-1
Posted Jul 8, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2721-1 - A buffer overflow has been identified in nginx, a small, powerful, scalable web/proxy server, when processing certain chunked transfer encoding requests if proxy_pass to untrusted upstream HTTP servers is used. An attacker may use this flaw to perform denial of service attacks, disclose worker process memory, or possibly execute arbitrary code.

tags | advisory, web, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2013-2070
MD5 | f28b8e182aa7edfd440bb03f982cd023

HP Security Bulletin HPSBST02890 2
Posted Jul 8, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBST02890 2 - A potential security vulnerability has been identified with HP StoreOnce D2D Backup System. The vulnerability could be exploited remotely resulting in unauthorized access and modification. Please note that this issue does not affect HP StoreOnce Backup systems that are running software version 3.0.0 or newer. Devices running software version 3.0.0 or newer do not have a HPSupport user account with a pre-set password configured. A user who is logged in via the HPSupport user account does not have access to the data that has been backed up to the HP StoreOnce Backup system, and hence is not able to read or download the backed up data. However, it is possible to reset the device to factory defaults, and hence delete all backed up data that is present on the device. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2013-2342
MD5 | de9d3f8522116451372a74da22e0d778

Debian Security Advisory 2720-1
Posted Jul 8, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2720-1 - Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementation errors may lead to the execution of arbitrary code, privilege escalation, information disclosure or cross-site request forgery.

tags | advisory, arbitrary, vulnerability, info disclosure, csrf
systems | linux, debian
advisories | CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697
MD5 | 812ddbe33df06d0a432c739f050d432f

Solaris Recommended Patch Cluster 6/19 Local Root
Posted Jul 8, 2013
Authored by Larry W. Cashdollar

Solaris Recommended Patch Cluster 6/19 suffers from a local root command execution vulnerability on x86.

tags | exploit, x86, local, root
systems | solaris
advisories | CVE-2010-1183
MD5 | 70e5650e28f4a605da2b8b5cd42445ea

NTLM Authentication Library 1.4
Posted Jul 8, 2013
Authored by Grant Edwards | Site josefsson.org

The NTLM library contains utilities for authenticating against Microsoft servers that require NTLM authentication. The goal of this project is to make libntlm easier to build (by using autoconf, automake, and libtool) for use by other projects.

Changes: This release adds build fixes.
tags | library
systems | unix
MD5 | 54793488450e9085c57e0d859ff3bc8c

Google Chrome 25.0.1364.152 HTTP Referer Header Faking
Posted Jul 8, 2013
Authored by Liad Mizrachi

Google Chrome version 25.0.1364.152 suffers from an XMLHttpRequest HTTP Referer Header faking vulnerability.

tags | exploit, web
MD5 | 15f802508bdb3aa33531cdc6289be924

Mozilla Firefox Maintenance Service Local Privilege Escalation
Posted Jul 8, 2013
Authored by Richard L. | Site vupen.com

VUPEN Vulnerability Research Team discovered high risk vulnerabilities in Mozilla Firefox. The vulnerabilities are caused by errors in the Mozilla Maintenance Service on Windows when interacting with local software, which could allow local unprivileged users to execute arbitrary code with SYSTEM privileges. It is possible to combine these vulnerabilities with a remote Firefox memory corruption to achieve remote code execution with SYSTEM privileges.

tags | advisory, remote, arbitrary, local, vulnerability, code execution
systems | windows
MD5 | ac54a0b0eb9a375c9e4ae8c509591914

File Roller Path Traversal
Posted Jul 8, 2013
Authored by Open Source CERT, Yorick Koster

The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any location, writable by the user executing the extraction, outside the current working directory. This behavior is triggered when the option 'Keep directory structure' is selected from the application 'Extract' dialog.

tags | advisory, arbitrary
advisories | CVE-2013-4668
MD5 | d21ae9055b8c07918c41455c9d27f90d

D-Link DIR-505L / DIR-826L Authentication Bypass
Posted Jul 8, 2013
Authored by Jason Doyle

D-Link DIR-505L and DIR-826L devices suffer from an authentication bypass vulnerability due to not validating session cookies.

tags | advisory, bypass
advisories | CVE-2013-4772
MD5 | 0f1d6280371016c265586903020ab3ea

Avira Analysis Web Service SQL Injection
Posted Jul 8, 2013
Authored by Ebrahim Hegazy | Site vulnerability-lab.com

Avira Analysis Web Service suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | b60dba03d897fa73093151771b57c784

Crypthisthing Blowfish Encryption Tool
Posted Jul 8, 2013
Authored by Juan J. Fernandez Lopez | Site tcpapplication.com

This program encrypts and decrypts files using a 128-bit key with Blowfish in CBC mode.

tags | tool, encryption
MD5 | 1ac3042c7cec46bbf7a4d7cfe0ed7f1e

AOL Instant Messenger 8.0.1.5 Binary Planting
Posted Jul 8, 2013
Authored by Marshall Whittaker

AOL Instant Messenger versions 8.0.1.5 and below suffer from a binary file planting vulnerability.

tags | exploit
systems | windows
MD5 | 13056739581434413b3e0a06ff6eb9c3

Adobe Reader X 10.1.4.38 BMP/RLE Heap Corruption
Posted Jul 8, 2013
Authored by feliam

Adobe Reader X version 10.1.4.38 suffers from a BMP/RLE heap corruption vulnerability.

tags | exploit
advisories | CVE-2013-2729, OSVDB-93358
MD5 | 4a5109561966ac1035ae651d8ae8a33b

WordPress JS Restaurant SQL Injection
Posted Jul 8, 2013
Authored by Ashiyane Digital Security Team

WordPress JS Restaurant plugin suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | e434d2f2111cb6b7eb200004e96dd1b0

packet storm

© 2016 Packet Storm. All rights reserved.
