what you don't know can hurt you
Showing 51 - 75 of 100 RSS Feed

Files

Websense (Triton 7.6) Authentication Bypass
Posted May 2, 2012
Authored by Ben Williams | Site ngssoftware.com

Websense (Triton version 7.6) suffers from an authentication bypass vulnerability in the report management UI.

tags | exploit, bypass
MD5 | 95c35e7dca133ded811d4ac9798a6f6f

Related Files

Red Hat Security Advisory 2012-0309-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0309-03 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. Various other issues have also been addressed in this advisory.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2011-0010
MD5 | 9991e164e8b58d770c673903fdb08c50
Mandriva Linux Security Advisory 2012-018
Posted Feb 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-018 - Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0452
MD5 | 7bcf7839d1ac724c1a2506c6d06776f8
Skype 5.x.x Information Disclosure
Posted Feb 13, 2012

Even if a user has their security settings with no history enabled, Skype 5.x.x fails to securely remove chat messages stored in the sqlite3 database.

tags | exploit, info disclosure
MD5 | c4d32e6a422eb5b37e409613e6b14f8e
Ubuntu Security Notice USN-1360-1
Posted Feb 13, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1360-1 - Andrew McCreight and Olli Pettay discovered a use-after-free vulnerability in the XBL bindings. An attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0452, CVE-2012-0452
MD5 | a9fb128e7008b88b8da7f2f72a143016
LibAnswers Springshare Library Cross Site Scripting
Posted Feb 6, 2012
Authored by Sony

The LibAnswers Springshare Library suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 9f494fecef87763cff547e8f59cf078a
LibAnalytics Springshare Cross Site Scripting
Posted Feb 6, 2012
Authored by Sony

LibAnalytics Springshare suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 4cfb6709782264ca7d3ab2333e5ffa08
ScholarGuides Springshare Cross Site Scripting
Posted Feb 6, 2012
Authored by Sony

ScholarGuides Springshare suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 438e0115d07161ea3fb461e1c1d832b7
Red Hat Security Advisory 2012-0091-01
Posted Feb 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0091-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This JBoss Enterprise Portal Platform 4.3 CP07 release serves as a replacement for JBoss Enterprise Portal Platform 4.3 CP06.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-1484, CVE-2011-2526, CVE-2011-4085, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
MD5 | bf5f51c283d9d06bc3d3f263b6added9
Ubuntu Security Notice USN-1351-1
Posted Feb 1, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1351-1 - Hayawardh Vijayakumar discovered that AccountsService incorrectly handled privileges when modifying the language settings on Ubuntu. A local attacker could exploit this issue to modify arbitrary files, and possibly create a denial of service or obtain increased privileges.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2011-4406
MD5 | 29be9b8957686681cce2766b2dd30e6c
Red Hat Security Advisory 2012-0074-01
Posted Feb 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0074-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2526, CVE-2011-4610, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
MD5 | a32d0a98ec00b3243dce03e946cd20c3
Red Hat Security Advisory 2012-0075-01
Posted Feb 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0075-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2526, CVE-2011-4610, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
MD5 | 622ac27ad0a10f72ff47c4f3e0174087
Red Hat Security Advisory 2012-0077-01
Posted Feb 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0077-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the "-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x" and "-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x" system properties as JAVA_OPTS entries in "jboss-as-web/bin/run.conf".

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2526, CVE-2011-4610, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
MD5 | 32744a026858c745879d420e133174aa
Red Hat Security Advisory 2012-0076-01
Posted Feb 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0076-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the "-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x" and "-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x" system properties as JAVA_OPTS entries in "jboss-as-web/bin/run.conf".

tags | advisory, java, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2526, CVE-2011-4610, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064, CVE-2012-0022
MD5 | 4bd0dd249264811761ce1a53ce39a8d8
Ubuntu Security Notice USN-1343-1
Posted Jan 24, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1343-1 - Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. Various other issues were also addressed.

tags | advisory, web, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665
MD5 | 0f8571925867199abb232af84ec0af74
Secunia Security Advisory 47641
Posted Jan 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Digital Security Research Group has reported a security issue in KingSCADA, which can be exploited by malicious, local users to disclose sensitive information.

tags | advisory, local
MD5 | 3194e9ee9abb5d8ff194aec6f078536d
Security Implications Of IPv6 Extensions Headers With Neighbor Discovery Rev 2
Posted Jan 13, 2012
Authored by Fernando Gont | Site ietf.org

IPv6 Extension Headers with Neighbor Discovery messages can be leveraged to circumvent simple local network protections, such as "Router Advertisement Guard". Since there is no legitimate use for IPv6 Extension Headers in Neighbor Discovery messages, and such use greatly complicates network monitoring and simple security mitigations such as RA-Guard, this document proposes that hosts silently ignore Neighbor Discovery messages that use IPv6 Extension Headers. Revision 2 of this document. This revision includes, among other things, a discussion of possible issues with SEND as a result of IPv6 fragmentation.

tags | paper, local
MD5 | bddd807b8490984a05656623cd777ccd
ClickOne Application Execution
Posted Jan 13, 2012
Authored by Yorick Koster | Site akitasecurity.nl

A logic flaw has been found in the way .NET grants permissions to ClickOnce applications. Combined with relaxed security warnings when handling OLE Packages in Office 2007 allows for attackers to run arbitrary .NET assemblies with Full Trust permissions.

tags | advisory, arbitrary
advisories | CVE-2012-0013
MD5 | b5ee129a6d2d08270d7c25d9d1a6706f
Ubuntu Security Notice USN-1306-2
Posted Jan 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1306-2 - USN-1306-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 9. Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. Various other issues were also addressed.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665
MD5 | 0cb8923ccca213371749c9ad49ba69bf
Ubuntu Security Notice USN-1306-1
Posted Jan 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1306-1 - Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Firefox or execute arbitrary code as the user that invoked Firefox. Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. Various other issues were also addressed.

tags | advisory, web, arbitrary, javascript
systems | linux, ubuntu
advisories | CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3665
MD5 | 66d158a2657e6a68eb213d345a66e000
Hash Table Collisions
Posted Dec 28, 2011
Authored by Alexander Klink, Julian Walde | Site nruns.com

Most hash functions used in hash table implementations can be broken faster than by using brute-force techniques (which is feasible for hash functions with 32 bit output, but very expensive for 64 bit functions) by using one of two "tricks": equivalent substrings or a meet-in-the-middle attack.

tags | advisory
advisories | CVE-2011-4815
MD5 | cbcfb371cfb5bca1ebdd5d270ad722eb
Red Hat Security Advisory 2011-1822-01
Posted Dec 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1822-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.0 serves as a replacement for JBoss Enterprise Portal Platform 5.1.1, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-2941, CVE-2011-4085, CVE-2011-4580
MD5 | 66e2207e56e73bb32b6ceed668a9871e
Asterisk Project Security Advisory - AST-2011-013
Posted Dec 9, 2011
Authored by Terry Wilson | Site asterisk.org

Asterisk Project Security Advisory - It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport or nat=yes and the other was nat=no or nat=comedia.

tags | advisory
MD5 | def059b81354c49994d1128fdf133f47
Red Hat Security Advisory 2011-1581-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1581-03 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that Ruby did not reinitialize the PRNG after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes. A flaw was found in the Ruby SecureRandom module. When using the SecureRandom.random_bytes class, the PRNG state was not modified after forking a child process. This could eventually lead to SecureRandom.random_bytes returning the same string more than once. An attacker keeping track of the strings returned by one child process could use this flaw to predict the strings SecureRandom.random_bytes would return in other child processes.

tags | advisory, ruby
systems | linux, redhat
advisories | CVE-2011-2705, CVE-2011-3009
MD5 | 0ae37fa667a635323e4b590490b5c715
XssScanner 1.1
Posted Dec 1, 2011
Authored by Romain MILLET, VULNIT | Site vulnit.com

XssScanner is a tool designed to help penetration testers find cross site scripting vulnerabilities. It analyzes a webpage to determine which are the payloads that could be used according to the position of the parameter. Then, for each selected payload, XssScanner sends a request using the payload and checks the returned page to find the payload. The major feature of XssScanner is its ability to detect many encodings that do not change the behavior of the payload (eg: double quote encoded into ").

tags | tool, scanner, vulnerability, xss
systems | unix
MD5 | 81a8c81d88805ecc5d92819b6a859f6e
Debian Security Advisory 2355-1
Posted Dec 1, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2355-1 - Leo Iannacone and Colin Watson discovered a format string vulnerability in the Python bindings for the Clearsilver HTML template system, which may lead to denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, python
systems | linux, debian
advisories | CVE-2011-4357
MD5 | 7a352d4c4ebec21d696d2f1b286b7e2d
Page 3 of 4
Back1234Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close