exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

Paypal BugBounty 5 Cross Site Scripting
Posted Oct 8, 2012
Authored by Ibrahim El-Sayed, Vulnerability Laboratory | Site vulnerability-lab.com

Paypal.com suffered from a stored cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 830b99c97288997b434a67b496389dd1abe41e3409067abdeb8904aadb08121e

Related Files

Red Hat Security Advisory 2011-1780-01
Posted Dec 5, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1780-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. APR as mentioned in the CVE-2011-3190 and CVE-2011-2526 descriptions does not refer to APR provided by the apr packages. It refers to the implementation of APR provided by the Tomcat Native library, which provides support for using APR with Tomcat. This library is not shipped with Red Hat Enterprise Linux 6. This update includes fixes for users who have elected to use APR with Tomcat by taking the Tomcat Native library from a different product. Such a configuration is not supported by Red Hat, however.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190
SHA-256 | 592df6d954f425a55dd58c209ed7778584ac1a80af52bc9c7ce6a5ffab5e20fe
HP Security Bulletin HPSBUX02725 SSRT100627
Posted Nov 24, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02725 SSRT100627 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow authentication bypass, allow cross-site scripting (XSS), gain unauthorized access, or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability, xss
systems | hpux
advisories | CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190
SHA-256 | da0edbfa949de2b7034ad0a1fe927c5c9205a87431abdda03737962e90086071
Secunia Security Advisory 46960
Posted Nov 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for Tomcat Servlet Engine in HP-UX. This fixes some weaknesses, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).

tags | advisory, denial of service, local, vulnerability, xss
systems | hpux
SHA-256 | 5aeee214506904de7f2c6d70290bfbc61c04b765694d6d409d8cd55614f1a659
Red Hat Security Advisory 2011-1456-01
Posted Nov 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1456-01 - JBoss Enterprise SOA Platform 5.2.0, which fixes two security issues, various bugs, and adds enhancements is now available from the Red Hat Customer Portal. A cross site scripting vulnerability was found in JRuby. It was found that the invoker servlets, deployed by default via httpha-invoker, only performed access control on the HTTP GET and POST methods, allowing remote attackers to make unauthenticated requests by using different HTTP methods.

tags | advisory, remote, web, xss
systems | linux, redhat
advisories | CVE-2010-1330, CVE-2011-4085
SHA-256 | 4f09ed673fadcf7173dc16bfee24fd4db8403b3cc1f7cbbfd04c636f43183459
libdvdcss 1.2.11
Posted Nov 16, 2011
Site videolan.org

libdvdcss is a cross-platform library for transparent DVD device access with on-the-fly CSS decryption. It currently runs under Linux, FreeBSD, NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win95/Win98, Win2k/WinXP, MacOS X, HP-UX, QNX, and OS/2. It is used by libdvdread and most DVD players such as VLC because of its portability and because, unlike similar libraries, it does not require your DVD drive to be region locked.

Changes: This release improves RPC-II drive handling and contains a more robust keys retrieval mode. It also introduces fixes for MingW and OS/2 compilation, and has various bugfixes for small issues, memory leaks, crashes, and build issues.
tags | library
systems | linux, netbsd, windows, unix, solaris, freebsd, bsd, openbsd, hpux, beos, osx
SHA-256 | 4f2578b995a25f1d81ae2b3c6e4cc5b0a199581d4a0b3a2d67c48c3ed5db9199
Ubuntu Security Notice USN-1253-1
Posted Nov 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1253-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | 500dc3b4a945636f97bf2e47879fe76c35bb56044546ce1c830a4bcfd79e5365
Cisco CUCM Directory Traversal / Reversible Obfuscation
Posted Nov 8, 2011
Authored by FX, Sandro Gauci | Site recurity-labs.com

Cisco CUCM environment and the IP Phone CP-7975G suffer from a directory traversal, have a reversible obfuscation algorithm, security issues related to SCCP, CTFTP, and Voice VLAN separation. Versions 7.0 and 8.0(2) are affected.

tags | exploit, file inclusion
systems | cisco
SHA-256 | 17aa1f350cac49473ed6962ed0fc3ece5a0474aa8fa99f6df2c4f4751b652bc7
IBM WebSphere Directory Traversal
Posted Nov 1, 2011
Authored by Digital Defense, r@b13$, sxkeebler, Javier Castro | Site digitaldefense.net

The default installation of the IBM WebSphere Application Server is deployed with a 'help' servlet which is designed to serve supporting documentation for the WebSphere system. When the 'help' servlet processes a URL that contains a reference to a Java plug-in Bundle that is registered with the Eclipse Platform Runtime Environment of the WebSphere Application Server, the 'help' servlet fails to ensure that the submitted URL refers to a file that is both located within the web root of the servlet and is of a type that is allowed to be served. An unauthenticated remote attacker can use this weakness in the 'help' servlet to retrieve arbitrary system files from the host that is running the 'help' servlet. This can be accomplished by submitting a URL which refers to a registered Java plug-in Bundle followed by a relative path to the desired file.

tags | advisory, java, remote, web, arbitrary, root
advisories | CVE-2011-1359
SHA-256 | 4adf33603b356ff3b73d86dd885c7fef8b16304d70e5775f89788b5d0609f5d3
Secunia Security Advisory 46587
Posted Oct 26, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-mvl-dove. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | c31d7d1f5e95692150d7579743971b5ff30eab60d51e9307c913b01b1154c4d6
Ubuntu Security Notice USN-1245-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1245-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | 6c2fdc6fb88de2201319a3a2c820b9ee501477683f43a26fc633346bfd7e0794
Ubuntu Security Notice USN-1241-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1241-1 - It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, protocol
systems | linux, ubuntu
advisories | CVE-2011-1573, CVE-2011-1576, CVE-2011-1776, CVE-2011-2213, CVE-2011-2494, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2525, CVE-2011-2695, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191, CVE-2011-3363
SHA-256 | 34637add57bb1c47bb725041cb1273223d64aa46133511754d889d306943b525
Ubuntu Security Notice USN-1240-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1240-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | 7bb5696fdf28788ddf1a181d26c0746a318f35d21e90975dc7a17a6248fbbf34
Ubuntu Security Notice USN-1239-1
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1239-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | a8d44e1d2d7d40338fc3f73c81b91d2690ae35010e30a9837bab689992f33bd1
G-WAN 2.10.6 Buffer Overflow
Posted Oct 17, 2011
Authored by Fredrik Widlund

G-WAN suffers from multiple vulnerabilities. A buffer overflow issue exists in the routine handling URL encoding for the "csp" (so called G-WAN servlets) sub-directory. Exploiting the vulnerability results in remotely being able to execute shellcode on the system. SIGPIPE signals were not handled correctly. Exploiting the vulnerability resulted in denial of service.

tags | advisory, denial of service, overflow, vulnerability, shellcode
SHA-256 | 4f748ec836979bd3edb6ddc3a547daf14847a2b5c909af7c91b8e935ac52e5bb
Secunia Security Advisory 46224
Posted Oct 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | 098c962cf99d7603ddc0e167287b7e3a554fd4f6b5a3ed99fcd220743e7670cc
Ubuntu Security Notice USN-1227-1
Posted Oct 12, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1227-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1776, CVE-2011-1833, CVE-2011-2213, CVE-2011-2497, CVE-2011-2699, CVE-2011-2700, CVE-2011-2723, CVE-2011-2918, CVE-2011-2928, CVE-2011-3191
SHA-256 | 87d2aaa8ca6ba6b00c9ca09b32765eba40fef19b74fb5429c7386a7141501ba4
Ubuntu Security Notice USN-1220-1
Posted Sep 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1220-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1776, CVE-2011-2213, CVE-2011-2497, CVE-2011-2700, CVE-2011-2723, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | 381cb500bd82528a730aee301d5df2fea4835c168a78a002069bcb53da18ca72
Ubuntu Security Notice USN-1219-1
Posted Sep 29, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1219-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1776, CVE-2011-1833, CVE-2011-2213, CVE-2011-2497, CVE-2011-2699, CVE-2011-2700, CVE-2011-2723, CVE-2011-2918, CVE-2011-2928, CVE-2011-3191
SHA-256 | 5bbf959fff7d5604adafb12f55e81da2ac28c246748613faaed45b3156c8add2
Vlock Session Locker 2.2.3
Posted Sep 19, 2011
Authored by Frank Benkstein

vlock is a program to lock one or more sessions on the Linux console. This is especially useful for Linux machines which have multiple users with access to the console. One user may lock his or her session(s) while still allowing other users to use the system on other virtual consoles. If desired, the entire console may be locked and virtual console switching disabled.

Changes: This release fixes vlock not reacting to input when started in the background from bash.
systems | linux, unix
SHA-256 | 85aa5aed1ae49351378a0bd527a013078f0f969372a63164b1944174ae1a5e39
Secunia Security Advisory 45996
Posted Sep 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for linux-mvl-dove. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system.

tags | advisory, denial of service, local, vulnerability
systems | linux, ubuntu
SHA-256 | 871b2440dd754c36891528f53e8fde6990b73f3d0b6b33326cd2eb65d078db0a
Ubuntu Security Notice USN-1186-1
Posted Aug 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1186-1 - Dan Rosenberg discovered that IPC structures were not correctly initialized on 64bit systems. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Steve Chen discovered that setsockopt did not correctly check MSS values. A local attacker could make a specially crafted socket call to crash the system, leading to a denial of service. Vladymyr Denysov discovered that Xen virtual CD-ROM devices were not handled correctly. A local attacker in a guest could make crafted blkback requests that would crash the host, leading to a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2010-4073, CVE-2010-4165, CVE-2010-4238, CVE-2010-4249, CVE-2010-4649, CVE-2011-0711, CVE-2011-1010, CVE-2011-1044, CVE-2011-1090, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-2484, CVE-2011-2534
SHA-256 | c3a47a1e53eb2444ce4455bf4ddc8ae62e5c824fec3c47e3051068cd376a1811
Red Hat Security Advisory 2011-1106-01
Posted Aug 3, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1106-01 - The kernel packages have been updated to address a vulnerability. A flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could trigger this flaw by sending specially-crafted packets to a target system, possibly causing a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-1576
SHA-256 | d2511485720906fd14fc2a3f975c01b817038b49d64c90f52a352c78915e2b1a
CA Arcserve D2D GWT RPC Credential Information Disclosure
Posted Aug 2, 2011
Authored by rgod, bannedit | Site metasploit.com

This Metasploit module exploits an information disclosure vulnerability in the CA Arcserve D2D r15 web server. The information disclosure can be triggered by sending a specially crafted RPC request to the homepage servlet. This causes CA Arcserve to disclosure the username and password in cleartext used for authentication. This username and password pair are Windows credentials with Administrator access.

tags | exploit, web, info disclosure
systems | windows
SHA-256 | 7c8e30e3bf5a9fd18f843efebdc225b819266ca4ca82d428c51238a4afa9d1c6
LibAVCodec AMV Out Of Array Write
Posted Aug 1, 2011
Authored by Dominic Chell | Site ngssecure.com

Dominic Chell of NGS Secure has discovered a high risk vulnerability in LibAVCodec. Opening a malformed AMV file can result in an out of array write and potentially arbitrary code execution when using this library. Whilst the vulnerability may affect multiple applications that use this library, it was only tested on VLC media player. VLC media player versions 1.1.9 and below are affected.

tags | advisory, arbitrary, code execution
advisories | CVE-2011-1931
SHA-256 | 185b2a8f4df8fd3182b6a8b7c17b80825f8ca66454647c947edaad4f084253e6
Red Hat Security Advisory 2011-1090-01
Posted Jul 27, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1090-01 - The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found that allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could trigger this flaw by sending specially-crafted packets to a target system, possibly causing a denial of service.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2011-1576
SHA-256 | 423b948c96708d1e061b86fbda73740a65a22df850c2554883aadb161b574ff5
Page 3 of 4
Back1234Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close