what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

ELBA 5 5.5.0 SQL Injection / Default Credentials
Posted Dec 20, 2012
Authored by Kestutis Gudinavicius | Site sec-consult.com

ELBA 5 version 5.5.0 R00006 build 0796 suffers from remote SQL injection, unencrypted password storage, default credential use, and buffer overflow vulnerabilities.

tags | exploit, remote, overflow, vulnerability, sql injection
MD5 | 896112b30c4c9596b6787eba484d097c

Related Files

Zero Day Initiative Advisory 12-144
Posted Aug 17, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-144 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Autostart ftAgent, which is deployed on machines managed by EMC Autostart by default. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing routines for op-codes used by EMC Autostart ftAgent's proprietary network protocol. This ftAgent.exe service listens on TCP port 8045, and performs arithmetic for memory size calculation using values read from the network without validation. This arithmetic is susceptible to integer overflow, causing the memory allocation to be undersized, ultimately allowing for heap-based memory corruption. An attacker can exploit this condition to gain remote code execution as user SYSTEM.

tags | advisory, remote, overflow, arbitrary, tcp, code execution, protocol
advisories | CVE-2012-0409
MD5 | 7588a6892021720d23b0533b79b8b4a8
Alpha Networks ADSL2/2+ Wireless Router ASL-26555 Password Disclosure
Posted Aug 17, 2012
Authored by Alberto Ortega

Alpha Networks ADSL2/2+ Wireless Router version ASL-26555 suffers from a remote administration password disclosure vulnerability. Tested on firmware version 2.0.0.30B_ES.

tags | exploit, remote
MD5 | 41d837a1e0492f1e2f9760db395e5d70
GNU Transport Layer Security Library 3.1.0
Posted Aug 17, 2012
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: This release adds support for using and storing cryptographic keys in the system's TPM module and several other improvements.
tags | protocol, library
MD5 | db88d8fc44e44be4a0a14b24aa204bbf
Mandriva Linux Security Advisory 2012-135
Posted Aug 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-135 - The DCP ETSI dissector could trigger a zero division. The MongoDB dissector could go into a large loop. The XTP dissector could go into an infinite loop. The AFP dissector could go into a large loop. The RTPS2 dissector could overflow a buffer. The CIP dissector could exhaust system memory. The STUN dissector could crash. The EtherCAT Mailbox dissector could abort. The CTDB dissector could go into a large loop. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4296, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4290
MD5 | 822678871d09a1b4078a078a693953dd
Internet Explorer Remote Code Execution With DEP And ASLR Bypass
Posted Aug 17, 2012
Authored by FaryadR

The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized or is deleted, aka "Time Element Memory Corruption Vulnerability." This is an exploit for the vulnerability noted in MS11-050.

tags | exploit, remote, arbitrary
systems | windows
advisories | CVE-2011-1255
MD5 | c360b436f312000c4cb2ecb69ece4dd6
Social Engine 4.2.5 Cross Site Scripting
Posted Aug 17, 2012
Authored by X-Cisadane | Site vulnerability-lab.com

Social Engine version 4.2.5 suffers from input validation and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 21e5a3667783c0dd17bdfb263977720c
Ubuntu Security Notice USN-1541-1
Posted Aug 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1541-1 - Justin Ferguson discovered multiple heap overflows in libotr. A remote attacker could use this to craft a malformed OTR message that could cause a denial of service via application crash or possibly execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-3461
MD5 | 47ba2282c1b991db82eb3c0dc1df42a2
Ubuntu Security Notice USN-1540-1
Posted Aug 17, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1540-1 - Kaspar Brand discovered a vulnerability in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted certificate, an attacker could possibly exploit this to cause a denial of service via application crash.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2012-0441
MD5 | d40f917e9e6e344076ac16b22abe8888
Debian Security Advisory 2530-1
Posted Aug 15, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2530-1 - Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access.

tags | advisory, shell
systems | linux, debian
advisories | CVE-2012-3478
MD5 | c1009e26e8fe5261ade18b3611632454
Debian Security Advisory 2529-1
Posted Aug 15, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2529-1 - Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework.

tags | advisory, web, vulnerability, python
systems | linux, debian
advisories | CVE-2012-3442, CVE-2012-3443, CVE-2012-3444
MD5 | aa54004a5bc8a82e1f64044c06bdd517
Windows Service Trusted Path Privilege Escalation
Posted Aug 15, 2012
Authored by sinn3r | Site metasploit.com

This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths: C:\program.exe, and C:\program files\hello.exe, and then execute all of them. To some software developers, this is an unexpected behavior, which becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalate privileges if run as SYSTEM. Some softwares such as OpenVPN 2.1.1, or OpenSSH Server 5, etc... all have the same problem.

tags | exploit
systems | windows
MD5 | 1d4dd3fbed6dce4a1a0d0668447ab955
HP Security Bulletin HPSBUX02805 SSRT100919
Posted Aug 15, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02805 SSRT100919 - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, java, remote, vulnerability
systems | hpux
advisories | CVE-2012-0508, CVE-2012-0551, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1718, CVE-2012-1719, CVE-2012-1720, CVE-2012-1721, CVE-2012-1722, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726
MD5 | f20bbda95682a3dfe4c6160d54706d7e
Gentoo Linux Security Advisory 201208-05
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-5 - An insecure temporary file usage has been reported in the Perl Config-IniFiles module, possibly allowing symlink attacks. Versions below 2.710.0 are affected.

tags | advisory, perl
systems | linux, gentoo
advisories | CVE-2012-2451
MD5 | 839c4b0674c414683b044d56b5f91739
Gentoo Linux Security Advisory 201208-04
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-4 - Multiple vulnerabilities have been found in Gajim, the worst of which may allow execution of arbitrary code. Versions less than 0.15-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2085, CVE-2012-2086, CVE-2012-2093
MD5 | 03e05f1028baca87bd39163d95bbf1aa
Gentoo Linux Security Advisory 201208-03
Posted Aug 15, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201208-3 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 21.0.1180.57 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2815, CVE-2012-2817, CVE-2012-2818, CVE-2012-2819, CVE-2012-2820, CVE-2012-2821, CVE-2012-2823, CVE-2012-2824, CVE-2012-2825, CVE-2012-2826, CVE-2012-2829, CVE-2012-2830, CVE-2012-2831, CVE-2012-2834, CVE-2012-2842, CVE-2012-2843, CVE-2012-2846, CVE-2012-2847, CVE-2012-2848, CVE-2012-2849, CVE-2012-2853, CVE-2012-2854, CVE-2012-2857, CVE-2012-2858, CVE-2012-2859, CVE-2012-2860
MD5 | c93f131a3c9d50bdc36f39c74cd08976
Ubuntu Security Notice USN-1539-1
Posted Aug 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1539-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Various other issues were also addressed.

tags | advisory, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400, CVE-2012-2136, CVE-2012-2373, CVE-2012-3375, CVE-2012-3400
MD5 | c6958da0516ad29999afbe85cd2acea0
Ubuntu Security Notice USN-1538-1
Posted Aug 15, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1538-1 - An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local, root, protocol
systems | linux, ubuntu
advisories | CVE-2012-2136, CVE-2012-2372, CVE-2012-2390, CVE-2012-2136, CVE-2012-2372, CVE-2012-2390
MD5 | 5ef278ed216da2b6e05e17214919ad89
Debian Security Advisory 2528-1
Posted Aug 15, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2528-1 - Several vulnerabilities were discovered in Icedove, Debian's version of the Mozilla Thunderbird mail and news client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-1948, CVE-2012-1950, CVE-2012-1954, CVE-2012-1967
MD5 | 31a3e0efb329cec09b717d8863928340
Red Hat Security Advisory 2012-1156-01
Posted Aug 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1156-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the i915_gem_execbuffer2() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. A missing initialization flaw was found in the sco_sock_getsockopt_old() function in the Linux kernel's Bluetooth implementation. A local, unprivileged user could use this flaw to cause an information leak.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2011-1078, CVE-2012-2383
MD5 | 80c5957b637083b55e9d589f81c8faf3
Novell ZENworks Asset Management Remote Execution
Posted Aug 14, 2012
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a path traversal flaw in Novell ZENworks Asset Management 7.5. By exploiting the CatchFileServlet, an attacker can upload a malicious file outside of the MalibuUploadDirectory and then make a secondary request that allows for arbitrary code execution.

tags | exploit, arbitrary, code execution
advisories | CVE-2011-2653, OSVDB-77583
MD5 | 8c94989c617aa92806f333c02a5ccf9e
Ubuntu Security Notice USN-1537-1
Posted Aug 14, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1537-1 - It was discovered that OpenOffice.org incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2665
MD5 | 20a1e2761eaa7337d6261331ab88756a
Ubuntu Security Notice USN-1536-1
Posted Aug 14, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1536-1 - It was discovered that LibreOffice incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2665
MD5 | 90a3523f63ba4706c6c08d666ece6bc9
Debian Security Advisory 2527-1
Posted Aug 14, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2527-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.

tags | advisory, web, php, vulnerability
systems | linux, debian
advisories | CVE-2012-2688, CVE-2012-3450
MD5 | a80818cca6a2d9c6f86f619a3eebb81e
Red Hat Security Advisory 2012-1166-01
Posted Aug 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1166-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0035 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
MD5 | c5f34eed9b443e9c3d85d99ed579507e
Red Hat Security Advisory 2012-1165-01
Posted Aug 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.

tags | advisory, remote, arbitrary, code execution, csrf
systems | linux, redhat
advisories | CVE-2011-2908
MD5 | 5c84e6f534d6af6121783976efbf43be
Page 1 of 4
Back1234Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close