ignore security and it'll go away
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-12-12 to 2013-12-13

Divide Error In Windows Kernel
Posted Dec 12, 2013
Authored by Core Security Technologies, Nicolas A. Economou | Site coresecurity.com

Core Security Technologies Advisory - Windows kernel is prone to a security vulnerability when executing the (GDI support) function 'RFONTOBJ::bTextExtent' located in 'win32k.sys'. This vulnerability could be exploited by an attacker to crash the windows kernel by calling the user mode function 'NtGdiGetTextExtent' with specially crafted arguments. Microsoft admits that this vulnerability may allow Elevation of Privilege attacks but did not provide further technical details.

tags | exploit, kernel
systems | windows
advisories | CVE-2013-5058
MD5 | b4dcb37b5b61cdb9c7b2af2cd6369c63
Vtiger 5.4.0 Cross Site Scripting
Posted Dec 12, 2013
Authored by Sojobo Dev Team

Vtiger version 5.4.0 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | c74e5cdefe2e0a778dbd25178237fd10
InstantCMS 1.10.3 SQL Injection
Posted Dec 12, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

InstantCMS version 1.10.3 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-6839
MD5 | ec8fa7b3ae0c24a352f0d7c49d9d1f2f
Red Hat Security Advisory 2013-1823-01
Posted Dec 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1823-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird rendered web content with missing character encoding information. An attacker could use this flaw to possibly bypass same-origin inheritance and perform cross site-scripting attacks.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2013-5609, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671
MD5 | b053295e512b5616eff7ab19eab9ee62
Ubuntu Security Notice USN-2053-1
Posted Dec 12, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2053-1 - Ben Turner, Bobby Holley, Jesse Ruderman and Christian Holler discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Tyson Smith and Jesse Schwartzentruber discovered a use-after-free in event listeners. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-6673, CVE-2013-5613, CVE-2013-5615, CVE-2013-5609, CVE-2013-5613, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-6629, CVE-2013-6630, CVE-2013-6671, CVE-2013-6673
MD5 | d4b0012d6f770c68199d29748fa33e2c
Ubuntu Security Notice USN-2054-1
Posted Dec 12, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2054-1 - It was discovered that Winbind incorrectly handled invalid group names with the require_membership_of parameter. If an administrator used an invalid group name by mistake, access was granted instead of having the login fail. Stefan Metzmacher and Michael Adam discovered that Samba incorrectly handled DCE-RPC fragment length fields. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code as the root user. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2012-6150, CVE-2013-4408, CVE-2013-4475, CVE-2012-6150, CVE-2013-4408, CVE-2013-4475
MD5 | e9325dca9b855c1fa91ba0da3bd26f0c
Ubuntu Security Notice USN-2052-1
Posted Dec 12, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2052-1 - Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Myk Melez discovered that the doorhanger notification for web app installation could persist between page navigations. An attacker could potentially exploit this to conduct clickjacking attacks. Various other issues were also addressed.

tags | advisory, web, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-5611, CVE-2013-5612, CVE-2013-5614, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6671, CVE-2013-6672, CVE-2013-6673, CVE-2013-5613, CVE-2013-5615, CVE-2013-5609, CVE-2013-5610, CVE-2013-5611, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5615, CVE-2013-5616, CVE-2013-5618, CVE-2013-5619, CVE-2013-6629, CVE-2013-6630, CVE-2013-6671, CVE-2013-6672, CVE-2013-6673
MD5 | d1c0d3128f80a9faa4e87b9a394334f4
Red Hat Security Advisory 2013-1818-01
Posted Dec 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1818-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security bulletin APSB13-28, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.332.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2013-5331, CVE-2013-5332
MD5 | be30419a9b57ebcfa5a3afecf8506062
Red Hat Security Advisory 2013-1826-01
Posted Dec 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1826-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-6420
MD5 | 8e350a798d9af347615919f9b07b39b8
Red Hat Security Advisory 2013-1824-01
Posted Dec 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1824-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-6420
MD5 | 1d1025f263f197a85f6c15110e6caa30
Red Hat Security Advisory 2013-1825-01
Posted Dec 12, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1825-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A memory corruption flaw was found in the way the openssl_x509_parse() function of the PHP openssl extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function, causing the application to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2013-6420
MD5 | caa80df39ee7cac639460f43d375a128
eFront 3.6.14 Cross Site Scripting
Posted Dec 12, 2013
Authored by sajith

eFront version 3.6.14 build 18012 suffers from multiple stored cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | cb9aeed1445b7a4d424d933138cd0210
wtmpclean 0.8.0
Posted Dec 12, 2013
Authored by Davide Madrisan | Site davide.madrisan.googlepages.com

wtmpClean is a tool for Unix which clears a given user from the wtmp database.

Changes: Adds support for regular expressions in the editing mode.
tags | tool, rootkit
systems | unix
MD5 | aeaac71b29b3cd40bb21258c2fa6c3e2
Photo Video Album Transfer 1.0 Local File Inclusion / Shell Upload
Posted Dec 12, 2013
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Photo Video Album version 1.0 suffers from local file inclusion and remote shell upload vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, file inclusion
MD5 | e7ce2dd434905ad666baffbc939e2cad
Vatican Web Site Cross Site Scripting
Posted Dec 12, 2013
Authored by Juan Carlos Garcia

The official Vatican web site suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
MD5 | 21d684717d6ca01e510ad6ad7aa1e610
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close