Showing 26 - 50 of 100

Files

Core FTP Server 1.2 Build 505 Code Execution
Posted Feb 20, 2014
Authored by Kyriakos Economou | Site portcullis-security.com

Core FTP Server version 1.2 build 505 suffers from a local code execution vulnerability.

tags | advisory, local, code execution
advisories | CVE-2014-1215
SHA-256 | 64260d9a672fe5d35579393d66ab0047c1d1ed3a7ca49c30bcfd2138e3c204d5

Related Files

Secunia Security Advisory 50138
Posted Aug 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for globus-gridftp-server. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, debian
SHA-256 | ed41f44e3b0b071a4b2c879a145f99965553ad8cdb77a72f4a087a93b9f0f033
Debian Security Advisory 2524-1
Posted Aug 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2524-1 - Two denial of service vulnerabilities have been discovered in the server component of OpenTTD, a free reimplementation of Transport Tycoon Deluxe.

tags | advisory, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2012-0049, CVE-2012-3436
SHA-256 | 82de0800c15326cda8e2ec48a7a9ac834e43a7b5df1a83b728c5aa0d720510f6
Secunia Security Advisory 50180
Posted Aug 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | cc714013b48edf8a91e896f3529957fe8843c92a28a3771ed71ca4c69438166b
Secunia Security Advisory 50083
Posted Aug 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in DataWatch Monarch BI Server, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, and manipulate certain data.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | a2dc09ec5285e070f93484cccd231c91ea4aa86d081852e9bf2fa8140bdcbd2a
Apache Libcloud 0.11.1 Possible Man In The Middle
Posted Aug 3, 2012
Authored by Suman Jana, Vitaly Shmatikov, Martin Georgiev | Site libcloud.apache.org

Apache Libcloud versions 0.4.2 through 0.11.1 suffer from a possible man-in-the-middle condition. When establishing a secure (SSL / TLS) connection to a target server, an invalid regular expression was used to perform the hostname verification. A subset of the target server hostname, instead of the full hostname, was accepted as a match for the given hostname.

tags | advisory
advisories | CVE-2012-3446
SHA-256 | 9e708dbf4b24b26ef40d5b23c71eaa9fae3674a5663c7c3350ac8e0bede741fe
Red Hat Security Advisory 2012-1139-01
Posted Aug 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1139-01 - The dynamic LDAP back end is a plug-in for BIND that provides back-end capabilities to LDAP databases. It features support for dynamic updates and internal caching that help to reduce the load on LDAP servers. A flaw was found in the way bind-dyndb-ldap performed the escaping of names from DNS requests for use in LDAP queries. A remote attacker able to send DNS queries to a named server that is configured to use bind-dyndb-ldap could use this flaw to cause named to exit unexpectedly with an assertion failure.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3429
SHA-256 | 21ad281bbda64e6afba7cbfbd5bb1f6bc0aa4383815fd814c5f8361a16099c79
Secunia Security Advisory 50097
Posted Aug 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - IBM has acknowledged multiple vulnerabilities in OpenSSL included in AIX and Virtual I/O Server, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise an application using the library.

tags | advisory, denial of service, vulnerability
systems | aix
SHA-256 | ed0c5a57d21cfc17398bb32ca7e61dc56a6d01271d6711802a78307b440b56ea
Debian Security Advisory 2519-1
Posted Aug 2, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2519-1 - Several security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, have been discovered. Additionally, the latest security update for isc-dhcp, DSA-2516-1, did not properly apply the patches for CVE-2012-3571 and CVE-2012-3954. This has been addressed in this additional update.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-4539, CVE-2012-3571, CVE-2012-3954
SHA-256 | e479c19eca6b0a977ba08f2378c2c6d472b961bb6278e8c807d1506c363ab2e5
Secunia Security Advisory 50082
Posted Aug 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oliver Karow has reported a vulnerability in Dr.Web Enterprise Server, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, web
SHA-256 | 3b188db5b0899dec36da8130b99004bd387ed3311bf6ac0e994df56bf0bad7a9
Red Hat Security Advisory 2012-1131-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1131-01 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC handled initial authentication requests. A remote, unauthenticated attacker could use this flaw to crash the KDC via a specially-crafted AS-REQ request. A NULL pointer dereference flaw was found in the MIT Kerberos administration daemon, kadmind. A Kerberos administrator who has the "create" privilege could use this flaw to crash kadmind.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-1013, CVE-2012-1015
SHA-256 | fc644b1cb9cf0a8750b9b22679610ad70952fe4b170e2844397d3cea0bd64a5a
Secunia Security Advisory 50079
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Matt Andreko has discovered a vulnerability in Sysax Multi Server, which can be exploited by malicious users to compromise a vulnerable system.

tags | advisory
SHA-256 | 71fe00730c13e486b11af93f71da030e282f264f8d07e2095ab2d8eaaf66fbbf
Secunia Security Advisory 50069
Posted Jul 31, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in IBM Rational Directory Server, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
SHA-256 | 81d8fa4b238559d713ead309f268dca7c154ced8fef132a7488b38bcd2c022da
Debian Security Advisory 2517-1
Posted Jul 31, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2517-1 - Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialization. As a result, an attacker can trigger an assertion failure on servers under high query load that do DNSSEC validation.

tags | advisory
systems | linux, debian
advisories | CVE-2012-3817
SHA-256 | 1264cbf6ebe6d856f52045f33b4880823f6d6637579867ab6419f12fcd0c8aa0
Microsoft Office SharePoint Server 2007 Remote Code Execution
Posted Jul 30, 2012
Authored by James Burton, juan, Oleksandr Mirosh | Site metasploit.com

This Metasploit module exploits a vulnerability found in SharePoint Server 2007 SP2. The software contains a directory traversal that allows a remote attacker to write arbitrary files to the filesystem by sending a specially crafted SOAP ConvertFile request to the Office Document Conversions Launcher Service, which results in code execution under the context of 'SYSTEM'. The module uses the Windows Management Instrumentation service to execute an arbitrary payload on vulnerable installations of SharePoint on Windows 2003 Servers. It has been successfully tested on Office SharePoint Server 2007 SP2 over Windows 2003 SP2.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2010-3964, OSVDB-69817
SHA-256 | 7ad8e7d26bc7d8213c68e74fdb77fb2a0f223d16965a4e6425e8d2f9797435cd
Secunia Security Advisory 50076
Posted Jul 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Empire Server, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | d0aad30b9d00e472de8191a1e69b08a3028db792bf07624b30711ba316a6c193
Secunia Security Advisory 50003
Posted Jul 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM AIX and IBM Virtual I/O Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | aix
SHA-256 | 05db2f194fac4186b61b0697f82fa748125ca84a804683f97d042e75ea82a31a
Sysax Multi Server 5.64 Buffer Overflow
Posted Jul 29, 2012
Authored by Craig Freyman, Matt Andreko | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. You must have valid credentials to trigger the vulnerability. Your credentials must also have the create folder permission and the HTTP option has to be enabled. This Metasploit module will log into the server, get you a SID token and then proceed to exploit the server. Successful exploits result in LOCALSYSTEM access. This exploit works on XP SP3, and Server 2003 SP1-SP2.

tags | exploit, web, overflow
SHA-256 | 121e5304fc0c68efcbe91a4bd17f067fad4fef74c609ee089fb5929981de2e57
Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection
Posted Jul 27, 2012
Authored by muts, sinn3r | Site metasploit.com

This Metasploit module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec() call in proxy_file(), which results in remote code execution under the context of the web server. Please note authentication is NOT needed to gain access.

tags | exploit, remote, web, code execution
advisories | CVE-2012-2953
SHA-256 | 0cd8a8da3d231693715d4e8b287a75415523666ac53647e469041b791662ac0b
Mandriva Linux Security Advisory 2012-116
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-116 - An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server. Two memory leaks have been found and fixed in ISC DHCP. The updated packages have been patched to correct these issues.

tags | advisory, memory leak
systems | linux, mandriva
advisories | CVE-2012-3571, CVE-2012-3954
SHA-256 | 7c7457010e58268c50229d55072e4bb9e57280b85c47418c4fa50b728f6834c8
Mandriva Linux Security Advisory 2012-115
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-115 - An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attacker must be able to send requests to the DHCP server. An error in the handling of malformed client identifiers can cause a DHCP server running affected versions to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server. Two memory leaks have been found and fixed in ISC DHCP. The updated packages have been upgraded to the latest version which is not affected by these issues.

tags | advisory, denial of service, memory leak
systems | linux, mandriva
advisories | CVE-2012-3570, CVE-2012-3571, CVE-2012-3954
SHA-256 | a3724f3805b0b02ba67820a614a721acf82fab981a7946ece56835acdc445a6d
Mandriva Linux Security Advisory 2012-112
Posted Jul 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-112 - Two format string flaws were found in the way perl-DBD-Pg. A rogue server could provide a specially-crafted database warning or specially-crafted DBD statement, which once processed by the perl-DBD-Pg interface would lead to perl-DBD-Pg based process crash. The updated packages have been patched to correct this issue.

tags | advisory, perl
systems | linux, mandriva
advisories | CVE-2012-1151
SHA-256 | cfc570df0e44378ae630c6244564f9a1b62cf1d12fda6e443031004d32e127eb
Ubuntu Security Notice USN-1519-1
Posted Jul 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1519-1 - Markus Hietava discovered that the DHCP server incorrectly handled certain malformed client identifiers. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service. Glen Eustace discovered that the DHCP server incorrectly handled memory. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-3571, CVE-2012-3954
SHA-256 | c72b8e80450c3e9e34484ae7fd0643ad157493cf28d7fca26110d4ee52010399
Debian Security Advisory 2516-1
Posted Jul 27, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2516-1 - Two security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, in Debian have been discovered.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-3571, CVE-2012-3954
SHA-256 | 074f53e4757eadf5549b496a0e1a2f3052b4631cb7e6cc36d0f0d9d7d8165ad8
Secunia Security Advisory 50048
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adaptive Server Enterprise, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | efb8365869e395dfc8adf202e5f9dafea448cca331bd66abc450b9c2081675b0
Entropy Broker RNG 0.9
Posted Jul 26, 2012
Authored by Folkert van Heusden | Site vanheusden.com

Entropy Broker is an infrastructure for distributing cryptographically secure random numbers (entropy data) from one or more servers to one or more clients. Entropy Broker allows you to distribute entropy data (random values) to /dev/random devices from other systems (real servers or virtualised systems). It helps prevent the /dev/random device from becoming depleted; an empty /dev/random device can cause programs to hang (waiting for entropy data to become available). This is useful for systems that need to generate encryption keys, run VPN software or run a casino website.

Changes: video4linux server is now compatible with video4linux2. It will now dump and restore the pool-contents.
tags | tool, encryption
systems | linux
SHA-256 | 1256b9eabb591bfe6735cfcd5b31fafece6cca0028f6df1894bd805070ba6d45
Page 2 of 4