Showing 101 - 125 of 400

Files Date: 2013-10-01 to 2013-10-31

Red Hat Security Advisory 2013-1458-01
Posted Oct 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1458-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-6085, CVE-2013-4242, CVE-2013-4351, CVE-2013-4402
SHA-256 | 4ed140d307f2bb993d4c7916c9f09e01858d795fc86538c67ede4581485941e0
Red Hat Security Advisory 2013-1457-01
Posted Oct 24, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1457-01 - The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4242
SHA-256 | f0bc34c54d779918b986683d5fd801d334fea4b81db30f56c90de612a52fd94c
Drupal Bean 7.x Cross Site Scripting
Posted Oct 24, 2013
Authored by Francesco Quagliati | Site drupal.org

Drupal Bean third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 5e97713fe4414c722908505802236b453b4140bd483353df1873c0b578da4978
RSA Authentication Agent Bypass
Posted Oct 24, 2013
Site emc.com

In certain circumstances, RSA Authentication Agent for Web for IIS protection can be bypassed due to a fail open flaw in the agent. Versions 7.1 and 7.1.1 are affected.

tags | advisory, web
advisories | CVE-2013-3280
SHA-256 | 1d9bdb134e4d458497e0ceca42b57c05550f4701f6e3aab2e693ee71a6cf1843
AusCERT 2014 Call For Presentations
Posted Oct 24, 2013
Site easychair.org

The 13th Annual AusCERT Information Security Conference, AusCERT2014, is to be held on the Gold Coast, Queensland, Australia from Monday 12th - 16th May 2014, at the Royal Pines Resort. AusCERT is the premier Computer Emergency Response Team for Australia and provides information security support and advice to its members, including the higher education sector and the Australian community at large.

tags | paper, conference
SHA-256 | 9c1c0aae7c07abdb4d7a0076bd5d5c2071c6fd8594b36ba32657f9bf4d16b9b3
Avira Internet Security Filter Bypass / Privilege Escalation
Posted Oct 24, 2013
Authored by Ahmad Moghimi

Avira Internet Security filter bypass and privilege escalation zero day exploit that leverages avipbb.sys.

tags | exploit
SHA-256 | 702acd4605649bdfd7902b0361aaa3f3d45c394a3a485490013d98e89acbc84f
Fuzzing And Software Vulnerabilities Part 1
Posted Oct 24, 2013
Authored by Ibrahim Balic

This is a whitepaper discussing fuzzing and software vulnerabilities. This is part one. It is written in Turkish.

tags | paper, vulnerability
SHA-256 | 29c607fe9abef0fbc5dd236320bcc02b3b1b6084b7be47b5e412136cdbb1b06f
Drupal Spaces 6.x Access Bypass
Posted Oct 23, 2013
Authored by Hunter Fox | Site drupal.org

Drupal Spaces third party module version 6.x suffers from an access bypass vulnerability.

tags | advisory, bypass
SHA-256 | df3e0fcffa7289c1f26334f4231e81a29adcea09a16966d616fdf1a5fdcb3a0f
Cisco Security Advisory 20131023-iosxr
Posted Oct 23, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS XR Software contains a vulnerability when handling fragmented packets that may result in a denial of service condition of the Cisco CRS Route Processor cards listed under "Affected Products". The vulnerability affects IOS XR Software versions 3.3.0 to 4.2.0. The vulnerability is a result of improper handling of fragmented packets and could cause the route processor, which processes the packets, to be unable to transmit packets to the fabric. Customers that are running version 4.2.1 or later of Cisco IOS XR Software, or that have previously installed the SMU for CSCtz62593, are not affected by this vulnerability. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | cisco, osx, ios
SHA-256 | ed63f824d536f6bf27a168cf61ea113a3a4f38fecf82bf83014bc5a3d93e2f0d
GuppY 4.6.26 Cross Site Scripting
Posted Oct 23, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

GuppY version 4.6.26 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-5983
SHA-256 | 8b7dc8f59410bf9a18129eab1a1488495b75587d4c45e6e7a60c33368e3de149
Cisco Security Advisory 20131023-ise
Posted Oct 23, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Identity Services Engine (ISE) contains arbitrary command execution and authentication bypass vulnerabilities. Successful exploitation of the Cisco ISE authenticated arbitrary command execution vulnerability may allow an authenticated remote attacker to execute arbitrary code on the underlying operating system. Successful exploitation of the Cisco ISE Support Information download authentication bypass vulnerability could allow an attacker to obtain sensitive information including administrative credentials.

tags | advisory, remote, arbitrary, vulnerability, bypass
systems | cisco
SHA-256 | f4a9a1b82bf3ddc9ef51a98ce97dca0268226fb4a5465b44488089166821760f
Cisco Security Advisory 20131023-struts2
Posted Oct 23, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple Cisco products include an implementation of the Apache Struts 2 component that is affected by a remote command execution vulnerability. The vulnerability is due to insufficient sanitization of user-supplied input. An attacker could exploit this vulnerability by sending crafted requests consisting of Object-Graph Navigation Language (OGNL) expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000. Cisco Business Edition 3000 customers should contact their Cisco representative for available options.

tags | advisory, remote, arbitrary
systems | cisco
SHA-256 | 08ccd9dce572e6e9d6b66d224373326a1c84b94213d1a961cba1f28be3e298e4
Ubuntu Security Notice USN-2005-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2005-1 - Rongze Zhu discovered that the Cinder LVM driver did not zero out data when deleting snapshots. This could expose sensitive information to authenticated users when subsequent servers use the volume. Grant Murphy discovered that Cinder would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4183, CVE-2013-4202, CVE-2013-4179
SHA-256 | c777310c03c01583333fab2c17424fcb89ab74aada494927544c9f3dc1f62ca7
Ubuntu Security Notice USN-2004-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2004-1 - Thomas Leaman discovered that the Python client library for Glance did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack.

tags | advisory, remote, python
systems | linux, ubuntu
advisories | CVE-2013-4111
SHA-256 | 49833e618822d71e2bcc8b846d23ba92227a7be26865b3323fd15cf894feac55
Ubuntu Security Notice USN-2002-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2002-1 - Chmouel Boudjnah discovered that Keystone did not properly invalidate user tokens when a tenant was disabled which allowed an authenticated user to retain access via the token. Kieran Spear discovered that Keystone did not properly verify PKI tokens when performing revocation when using the memcache and KVS backends. An authenticated attacker could exploit this to bypass intended access restrictions. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4222, CVE-2013-4294
SHA-256 | f6c7d78a98e19bff9d96af24e8f2c061c076b9f02b37bf3bb46129464f18077f
Ubuntu Security Notice USN-2003-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2003-1 - Stuart McLaren discovered that Glance did not properly enforce the 'download_image' policy for cached images. An authenticated user could exploit this to obtain sensitive information in an image protected by this setting.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2013-4428
SHA-256 | 5bcbdd5172766f1b92e4ef0b761c84adf1aef699272f16fcfbd37fb1410bdc54
Ubuntu Security Notice USN-2001-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2001-1 - Peter Portante discovered that Swift did not properly handle requests with old X-Timestamp values. An authenticated attacker could exploit this to cause a denial of service via disk consumption.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4155
SHA-256 | 73226047ae2dbc4a6888652a822a499a41ebc82357f5abd22238f6d268c6e4d1
Ubuntu Security Notice USN-2000-1
Posted Oct 23, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2000-1 - It was discovered that Nova did not properly enforce the is_public property when determining flavor access. An authenticated attacker could exploit this to obtain sensitive information in private flavors. This issue only affected Ubuntu 12.10 and 13.10. Grant Murphy discovered that Nova would allow XML entity processing. A remote unauthenticated attacker could exploit this using the Nova API to cause a denial of service via resource exhaustion. This issue only affected Ubuntu 13.10. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4179, CVE-2013-4185, CVE-2013-4261, CVE-2013-2256, CVE-2013-4278
SHA-256 | eb4e594341e0a8e657da13d029ba42e404cf5d54c108b6fc6051975c9ea0508f
Red Hat Security Advisory 2013-1456-01
Posted Oct 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1456-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.5. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2012-0547, CVE-2012-0551, CVE-2012-1531, CVE-2012-1532, CVE-2012-1533, CVE-2012-1541, CVE-2012-1682, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1721, CVE-2012-1722, CVE-2012-1725, CVE-2012-3143, CVE-2012-3159, CVE-2012-3213, CVE-2012-3216, CVE-2012-3342, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073
SHA-256 | 5f2a4d8e195f018a24a54b255421a802c2fe7798ae208c88ddb47eb51cc14a7c
Red Hat Security Advisory 2013-1455-01
Posted Oct 23, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1455-01 - This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Network Satellite Server 5.4. In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. Several flaws were fixed in the IBM Java 2 Runtime Environment.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871, CVE-2011-0873, CVE-2011-3389, CVE-2011-3516, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3550, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3561
SHA-256 | 2a16ca4e3556d5578b8bb8f42cdd84dd4a88fcdcdffc9e83948a5f1f3e4d7b65
Mandriva Linux Security Advisory 2013-257
Posted Oct 23, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-257 - Mozilla Network Security Services before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. The updated Mozilla NSS and NSPR packages have been upgraded to the latest versions where the flaw has been fixed in NSS. The rootcerts packages have been upgraded providing the latest root CA certs from Mozilla as of 2013/04/11. The sqlite3 packages for mes5 have been upgraded to the 3.7.17 version to satisfy the requirements for a future upcoming Firefox 24 ESR advisory.

tags | advisory, remote, denial of service, root
systems | linux, mandriva
advisories | CVE-2013-1739
SHA-256 | f1386d2817faab7a95e01d2ce8eef7faadad17f6df2003fbcbe1f9bbbd73a913
PHPCMS Guestbook Cross Site Scripting
Posted Oct 23, 2013
Authored by Robert At Cnmoker

The PHPCMS Guestbook module from phpcms.cn suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-5939
SHA-256 | d8b958adc08aeb8a08fa43ea42d741c7372da3163a7d5e5db9b776653e6de0fe
LiveCart 1.4 Shell Upload
Posted Oct 23, 2013
Authored by DevilScreaM

LiveCart version 1.4 suffers from a remote PHP shell upload vulnerability.

tags | exploit, remote, shell, php
SHA-256 | e2a41ce6de3c4aa60db5b72a6cd923cfb719186f387af0bad1c8e9c450c3fe2c
WordPress DailyDeal Theme Shell Upload
Posted Oct 23, 2013
Authored by DevilScreaM

The WordPress DailyDeal theme suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 25e1be2c8c9b97be0f84118170063bb8eed0a22e212c8a9be4176e00df086f59
WordPress e-Commerce Payment Gateways Caller Local File Inclusion
Posted Oct 23, 2013
Authored by Keith Makan

WordPress e-Commerce Payment Gateways Caller plugin versions prior to 0.1.1 suffer from a local file inclusion vulnerability.

tags | advisory, local, file inclusion
SHA-256 | 4b7cc666e0544bf1b99dc9b0b53a2d7281d3b66937b17f7d862c053ee55c7440