what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

Ex Libris Patron Directory Services 2.1 Cross Site Scripting
Posted Dec 29, 2014
Authored by Jing Wang

Ex Libris Patron Directory Services version 2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7293
SHA-256 | a3b5ead6e76494619c7357d9c2e36a3ff71e90dec08243d6f7e34d5f87d1d734

Related Files

Red Hat Security Advisory 2012-0519-01
Posted Apr 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0519-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.1 serves as a replacement for JBoss Enterprise Portal Platform 5.2.0, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4314, CVE-2012-0818
SHA-256 | 4c2d7e867f2236c82154ad3fdca5b623e021c311c49562d7e1ef097fb83249f5
Ubuntu Security Notice USN-1428-1
Posted Apr 25, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1428-1 - It was discovered that the fix for CVE-2012-2110 was incomplete for OpenSSL 0.9.8. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Ubuntu 11.10 was not affected by this issue. The original upstream fix for CVE-2012-2110 would cause BUF_MEM_grow_clean() to sometimes return the wrong error condition. This update fixes the problem. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2131, CVE-2012-2131
SHA-256 | 2289dbca4426d93d31dbb6364a90c4dd7c450eed99d5564b22b994ee965977e4
Debian Security Advisory 2457-1
Posted Apr 25, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2457-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2012-0467, CVE-2012-0470, CVE-2012-0471, CVE-2012-0477, CVE-2012-0479
SHA-256 | 72062d31000e1dd318e5baed8da99783e883be58715d1af2aaba2ac43f06817d
HTC IQRD Android Permission Leakage
Posted Apr 23, 2012
Authored by Dan Rosenberg | Site vsecurity.com

VSR identified a vulnerability in IQRD. The IQRD service listens locally on a TCP socket bound to port 2479. This socket is intended to allow the Carrier IQ service to request device-specific functionality from IQRD. Unfortunately, there is no restriction or validation on which applications may request services using this socket. As a result, any application with the android.permission.INTERNET permission may connect to this socket and send specially crafted messages in order to perform potentially malicious actions.

tags | advisory, tcp
advisories | CVE-2012-2217
SHA-256 | 62460a143a7893941f8c2a7a320f48f1e15c0964c0c6ff6e99e6284cd21d8be2
Liferay 6.1 Default Configuration Compromise
Posted Apr 21, 2012
Authored by Jelmer Kuperus

By utilizing the json webservices exposed in Liferay Portal version 6.1 you can register a new user with any role in the system, including the built in administrator role. Proof of concept included.

tags | exploit, proof of concept
systems | linux
SHA-256 | 3f6c3c5b9e5e27e968adbe87afc167aa13e200b89a6647cbde10d03c9a021bac
Ubuntu Security Notice USN-1424-1
Posted Apr 20, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1424-1 - It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use this to cause a denial of service. These issues did not affect Ubuntu 8.04 LTS. Tavis Ormandy discovered that OpenSSL did not properly perform bounds checking when processing DER data via BIO or FILE functions. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2110, CVE-2006-7250, CVE-2012-1165, CVE-2012-2110
SHA-256 | 16cd6f0c4fab137dff803ac2d2cfb01f273de4e132798b3f8032fb92d895a98c
Telco SMTP To SMS/MMS Crypto
Posted Apr 13, 2012
Authored by Champ Clark III

Many people use telecommunications provided SMTP to SMS/MMS gateways to send out sensitive data. This paper looks into encryption (or lack of) covered by these types of public access SMTP to SMS/MMS gateways and services.

tags | paper
SHA-256 | 4a7ee04849235d3e90c1270eb15f6e24884ab471f7c7606cf34bb4f9587f746b
US UF Services EDU Health File Inclusion
Posted Apr 8, 2012
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

The Uniformed Services University of the Health Sciences (USU) suffers from a file inclusion vulnerability.

tags | exploit, file inclusion
SHA-256 | 3dd63ba0c29523938f7157cb128610a9b154343df71634c4c192c3b6d57bde14
Cisco Security Advisory 20120328-mace
Posted Mar 29, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains a denial of service (DoS) vulnerability in the Wide Area Application Services (WAAS) Express feature that could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Cisco IOS Software also contains a DoS vulnerability in the Measurement, Aggregation, and Correlation Engine (MACE) feature that could allow an unauthenticated, remote attacker to cause the router to reload. An attacker could exploit these vulnerabilities by sending transit traffic through a router configured with WAAS Express or MACE. Successful exploitation of these vulnerabilities could allow an unauthenticated, remote attacker to cause the router to leak memory or to reload. Repeated exploits could allow a sustained DoS condition. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability
systems | cisco
advisories | CVE-2012-1312, CVE-2012-1314
SHA-256 | 788885399c203d07e2f188436e87b949677dbed1fe1b4f9d5901f2a746308dff
Atheme IRC Services CertFP Privilege Escalation
Posted Mar 23, 2012
Site atheme.org

Atheme IRC Services CertFP suffers from an improper clean-up vulnerability that can allow for a privilege escalation or a crash.

tags | advisory
SHA-256 | 23faea638d79bb69553a39dc18d40e63d5b4907a1425ae1651654f1aa6dceeea
CA ARCserve Backup Denial Of Service
Posted Mar 21, 2012
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA ARCserve Backup for Windows. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. CA Technologies has issued fixes to address the vulnerability. The vulnerability occurs due to insufficient validation of certain network requests. An attacker can potentially use the vulnerability to disable network services.

tags | advisory, remote, denial of service
systems | windows
advisories | CVE-2012-1662
SHA-256 | f6cc7aa2a2c098a2e8ed419d61aa4d65e98cc20b7bdc4c73e4cfe07ba7fc117b
Red Hat Security Advisory 2012-0406-01
Posted Mar 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0406-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss ON 3.0.1 release serves as a replacement for JBoss ON 3.0.0, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4858, CVE-2012-0032, CVE-2012-0052, CVE-2012-0062, CVE-2012-1100
SHA-256 | 360d101810e6235cc19b655e12a4aa1d69327636cb618300fd94bdd33f5fd22e
Signing Me Onto Your Accounts Through Facebook And Google
Posted Mar 20, 2012
Authored by Rui Wang, Shuo Chen, XiaoFeng Wang

Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Sign-Sign-On Web Services. This is the whitepaper where researchers discovered eight flaws with SSO technologies in use by major players.

tags | paper, web
SHA-256 | 24f6a2ecdbf64e223fc0cda388a9962cd29a2d5ffa9328c2a6c7c49b33aed9a4
Red Hat Security Advisory 2012-0396-01
Posted Mar 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0396-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. A flaw was found in the way LDAP authentication was handled. If the LDAP bind account credentials became invalid, subsequent log in attempts with any password for user accounts created via LDAP were successful. A remote attacker could use this flaw to log into LDAP-based JBoss ON accounts without knowing the correct passwords.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-1100
SHA-256 | 145fc959fbc7cc8bfb9b7e7eccef6c448ffafe94e95ffa18be3f080b0c3cbf48
Debian Security Advisory 2433-1
Posted Mar 16, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2433-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2012-0455, CVE-2012-0456, CVE-2012-0458, CVE-2012-0461
SHA-256 | 9cc405f953613ae30bd12451fa27171343419a0614f1b86fc18fb850024ce587
Secunia Security Advisory 48421
Posted Mar 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Cisco Firewall Services Module (FWSM), which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | cisco
SHA-256 | 08958539862fcc9e732cfb70676da045a3c95613c342fc221d2c9fb507f14f96
Cisco Security Advisory 20120314-fwsm
Posted Mar 15, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco Catalyst 6500 Series Firewall Services Module (FWSM) contains a Protocol Independent Multicast (PIM) Denial of Service Vulnerability. Cisco has released free software updates that address this vulnerability. There are no workarounds available that mitigate this vulnerability.

tags | advisory, denial of service, protocol
systems | cisco
advisories | CVE-2012-0356
SHA-256 | b2d753db8670f511ab233fbc0da85ac98cdb6404ff6af24d3fb8bac84211ab37
Cisco Security Advisory 20120314-asa
Posted Mar 15, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities: * Cisco ASA UDP Inspection Engine Denial of Service Vulnerability * Cisco ASA Threat Detection Denial of Service Vulnerability * Cisco ASA Syslog Message 305006 Denial of Service Vulnerability * Protocol-Independent Multicast Denial of Service Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate some of the vulnerabilities.

tags | advisory, denial of service, udp, vulnerability, protocol
systems | cisco
advisories | CVE-2012-0353, CVE-2012-0354, CVE-2012-0355, CVE-2012-0356
SHA-256 | 990c9a606064bf238d98e228790139578f19956f848e51c0a0e2979bcdd36a50
Red Hat Security Advisory 2012-0345-02
Posted Mar 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-0022
SHA-256 | 5f8ed354af7f93aae635f0011391c698a68ac7e5da46495e45b1d1b424d2b453
Bravenet Web Services Cross Site Scripting
Posted Feb 29, 2012
Authored by Sony

Bravenet Web Services suffers from a cross site scripting vulnerability.

tags | exploit, web, xss
SHA-256 | 13e0082063b74510016efa214322429d1ea204a41d51404d33e56e83e8b7b8b1
Cisco Security Advisory 20120223-srp500
Posted Feb 24, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Small Business (SRP 500) Series Services Ready Platforms contains command injection, unauthenticated configuration upload, and directory traversal vulnerabilities.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2012-0363, CVE-2012-0364, CVE-2012-0365
SHA-256 | 31da0efcb3a1c6bfaf12e06688d0619522253f130e943a73a69af7e3f60d8eea
Xenon Web Services SQL Injection
Posted Feb 15, 2012
Authored by Th4 MasK

Xenon Web Services suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | 3d33767f4a578d0396bd14474c0dabb2ff9c65c903526f927fb489e8564d0660
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
Posted Feb 10, 2012
Authored by AbdulAziz Hariri | Site metasploit.com

This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet to the 6905/UDP port. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.

tags | exploit, remote, overflow, udp
systems | windows
advisories | OSVDB-75780
SHA-256 | 5d732951640be5f0d7a3bbb2123ba314dbfea24dfb6b7fe3d4aa47cf4fcea31a
Creepy Geolocation Gathering Tool 0.1.95
Posted Feb 10, 2012
Authored by Yiannis Kakavas | Site ilektrojohn.github.com

creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown, accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation.

Changes: This release fixes the problem with Twitter consumer keys.
tags | tool
systems | unix
SHA-256 | 7a86cf41515ab0fd2f21e568a1a7dc2c0bc36f5aacdb1047ebd40c8254effce7
Red Hat Security Advisory 2012-0091-01
Posted Feb 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0091-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This JBoss Enterprise Portal Platform 4.3 CP07 release serves as a replacement for JBoss Enterprise Portal Platform 4.3 CP06.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-1484, CVE-2011-2526, CVE-2011-4085, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
SHA-256 | 8d477b129cade9168945756f320e10f89d8e0cf7bba8bf7336e147cc0e23f36a
Page 3 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close