what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

Ex Libris Patron Directory Services 2.1 Cross Site Scripting
Posted Dec 29, 2014
Authored by Jing Wang

Ex Libris Patron Directory Services version 2.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2014-7293
SHA-256 | a3b5ead6e76494619c7357d9c2e36a3ff71e90dec08243d6f7e34d5f87d1d734

Related Files

Debian Security Advisory 2400-1
Posted Feb 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2400-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449
SHA-256 | 7006936160ec6a7163ea6ad37310b26604ff1fcc3095ba5d211b939d095f7887
Red Hat Security Advisory 2012-0089-01
Posted Feb 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0089-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss ON 2.4.2 release serves as a replacement for JBoss ON 2.4.1, and includes several bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-3206, CVE-2011-4573, CVE-2011-4858, CVE-2012-0052, CVE-2012-0062
SHA-256 | 7178588f30ba4bd4d6f52da97027502090e75fdc4cc09fcce68a551d4ef378f1
Red Hat Security Advisory 2012-0073-01
Posted Feb 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0073-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, the 7 year life-cycle of Red Hat Enterprise Linux 4 will end on February 29, 2012 and your subscription services for that version will change. Active Red Hat Enterprise Linux subscribers using Red Hat Enterprise Linux 4 will have the option to upgrade to currently supported versions of Red Hat Enterprise Linux and receive the full benefits of the subscription.

tags | advisory
systems | linux, redhat
SHA-256 | 268887096a951dd610ff136b4912a7a02f0d741bd81f42b8fb0e37dc01495410
Cisco Security Advisory 20120118-dmm
Posted Jan 18, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Digital Media Manager contains a vulnerability that may allow a remote, authenticated attacker to elevate privileges and obtain full access to the affected system. Cisco Show and Share is not directly affected by this vulnerability. However, because Cisco Show and Share relies on Cisco Digital Media Manager for authentication services, attackers who compromise the Cisco Digital Media Manager may gain full access to Cisco Show and Share. Cisco has released free software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.

tags | advisory, remote
systems | cisco
advisories | CVE-2012-0329
SHA-256 | 41922785a720c613a90f99296a1cc0323338764101e0f5f2209925f0a85b77b0
Distributed Access Control System 1.4.27
Posted Jan 18, 2012
Site dacs.dss.ca

DACS is a light-weight single sign-on and role-based access control system providing flexible, modular authentication methods and powerful, transparent rule-based authorization checking for Web services, CGI programs, or virtually any program.

Changes: This minor bugfix release upgrades third-party support packages, includes upgrades/fixes for Mac OS X 10.7.2, and fixes and extends the HTTP_AUTH directive and the dacsauth(1) command.
tags | tool, web, cgi
systems | linux, unix
SHA-256 | 52ed8037ddff56acd609c77ef50a3e185639fcd0760a8e857bd73d7902c0d70b
UniOFuzz Universal Fuzzer Tool
Posted Jan 18, 2012
Authored by pigtail23 | Site nullsecurity.net

UniOFuzz is a universal fuzzing tool for browsers, web services, files, programs and network services/ports.

tags | tool, web, fuzzer
SHA-256 | 380fc307bd2912319ae5d082144514b94ae7530562d2f08c5340c2bf28993e12
Zero Day Initiative Advisory 12-010
Posted Jan 11, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

tags | advisory, remote, arbitrary, local, udp
SHA-256 | 6639c55c3938be7dce15b82072912ddf54486e00c1edb624e9e193ff0395441b
Zero Day Initiative Advisory 12-009
Posted Jan 11, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-09 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020000 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

tags | advisory, remote, arbitrary, local, udp
SHA-256 | 0255a4f2ef8b6316653251eeaf16b8b505a0a21c681598db533064319b5b09bd
Zero Day Initiative Advisory 12-008
Posted Jan 10, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-08 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The specific flaw exists within the streamprocess.exe component which listens for UDP traffic on multiple ports, beginning with 6905. When handling a packet which requests a vDisk name, the user-supplied length value is not properly validated. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
SHA-256 | e5cec0d5fc3c15d052d61b16dbca622d563f1cb0132cd343599dd00b030e4c7c
Ox Design Web Services SQL Injection
Posted Jan 6, 2012
Authored by Farbod Mahini, H4ckCity Security Team | Site h4ckcity.org

Ox Design Web Services suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | c708e3155ed18c56b0f69d2564270475e81e7506ce638594a57ca30f9ef95c52
Fwknop Port Knocking Utility 2.0
Posted Jan 2, 2012
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: This is the production release of the fwknop C rewrite. It brings Single Packet Authorization to three different Open Source firewalls (iptables, ipfw, and pf), embedded systems, and mobile devices. The fwknopd server runs on Linux, Mac OS X, FreeBSD, and OpenBSD. The client runs on all of these platforms as well as Android, the iPhone, and Cygwin under Windows. In addition, the client is portable, and can be compiled as a native Windows binary.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | e272a89bb05740d89b6d0eef96460f165e52b285cb635d39794bf0db91a8a7d5
TOR Virtual Network Tunneling Tool 0.2.2.35
Posted Dec 18, 2011
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release fixes a critical heap overflow security issue in Tor's buffers code. Absolutely everybody should upgrade. The bug relied on an incorrect calculation when making data continuous in one of the IO buffers, if the first chunk of the buffer was misaligned by just the wrong amount. The miscalculation would allow an attacker to overflow a piece of heap-allocated memory. Various other fixes and enhancements are included in this release.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2011-2778
SHA-256 | f141a41fffd31494a0f96ebbb6b999eab33ce62d5c31f81222a0acd034adbf3a
Debian Security Advisory 2365-1
Posted Dec 18, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2365-1 - Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-3195, CVE-2011-3196, CVE-2011-3197, CVE-2011-3198, CVE-2011-3199
SHA-256 | c7cba6fb7804a5597351848ffd009742a6b93472da3c1efa132f5c69371f0c94
Fwknop Port Knocking Utility 2.0rc5
Posted Dec 15, 2011
Authored by Michael Rash | Site cipherdyne.org

fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap.

Changes: This release adds OpenBSD PF support, adds a new FORCE_NAT mode to transparently force authenticated connections to specified internal systems, adds a comprehensive test suite, and adds the ability to automatically expire SPA keys. Several memory handling bugfixes were made.
tags | tool, scanner, vulnerability
systems | unix
SHA-256 | 125d5d1970d4ec04aabdd90dbc6c7f44e001a9608b9e4e267079f6bcd47b5370
Red Hat Security Advisory 2011-1822-01
Posted Dec 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1822-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.0 serves as a replacement for JBoss Enterprise Portal Platform 5.1.1, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-2941, CVE-2011-4085, CVE-2011-4580
SHA-256 | 82ea083ba0199172dd69274928ff1dcc5d9cb1f40e65fb4772f8d34ce98bdf81
Red Hat Security Advisory 2011-1815-01
Posted Dec 14, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1815-01 - The International Components for Unicode library provides robust and full-featured Unicode services. A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. All users of ICU should upgrade to these updated packages, which contain a backported patch to resolve this issue. All applications linked against ICU must be restarted for this update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-4599
SHA-256 | 80064f93a00c591c9eb00ee3c62f207e8ca534830ec5880d7ae14456ad08780d
Maks Publication And Media Services Cross Site Scripting / SQL Injection
Posted Dec 9, 2011
Authored by 3spi0n

Maks Publication and Media Services suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 5e97f07e54e925afc445353cae79b79345b9fd60971614929c0a19f16d7da7f3
Red Hat Security Advisory 2011-1580-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1580-03 - The resource-agents package contains a set of scripts to interface with several services to operate in a High Availability environment for both Pacemaker and rgmanager service managers. It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2010-3389
SHA-256 | 76b9d260e2212ac0676410bf96ddadbac1b1f6a01a5448c80f8bb5634a12d824
Red Hat Security Advisory 2011-1506-01
Posted Dec 1, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1506-01 - In accordance with the Red Hat Enterprise Linux Errata Support Policy, the regular 7 year life-cycle of Red Hat Enterprise Linux 4 will end on February 29, 2012. After this date, Red Hat will discontinue the regular subscription services for Red Hat Enterprise Linux 4.

tags | advisory
systems | linux, redhat
SHA-256 | 45bdfeb27da78186946bd4fa7c67f470498cc81a4c286e9cb59c1b3413ecb849
Alderney Web And IT Services SQL Injection
Posted Nov 25, 2011
Authored by 3spi0n

Alderney Web and IT Services suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
SHA-256 | 69d761072498cab1667a16ae1fed463c8feb5d99b9ecfd9d9dd3911899de7f27
Red Hat Security Advisory 2011-1465-01
Posted Nov 23, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1465-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. A signedness issue was found in the Linux kernel's CIFS implementation. A malicious CIFS server could send a specially-crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted.

tags | advisory, remote, denial of service, kernel
systems | linux, redhat
advisories | CVE-2011-1162, CVE-2011-1577, CVE-2011-2494, CVE-2011-2699, CVE-2011-2905, CVE-2011-3188, CVE-2011-3191, CVE-2011-3353, CVE-2011-3359, CVE-2011-3363, CVE-2011-3593, CVE-2011-4326
SHA-256 | 3990f24ba89403137d83736fa4eb71c4dde3b75f9f53a5c4bd3900576ad8c927
HP Security Bulletin HPSBOV02470 SSRT080123 2
Posted Nov 17, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02470 SSRT080123 2 - A potential security vulnerability has been identified with HP OpenVMS TCP/IP Services running SMTP server. The vulnerability could result in a remote Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, remote, denial of service, tcp
advisories | CVE-2011-3169
SHA-256 | bd809e6d2fb086758c2ca98895cfc16b117c4e67f77134f14d1b8a8f4db6d869
TCP Scanners Package Using SCAPY
Posted Nov 16, 2011
Authored by infodox | Site compsoc.nuigalway.ie

A small collection of scanners using SCAPY that scan for Remote Desktop, VNC, SSH and Telnet servers on networks. It can be used to build target lists or discover rogue services running on your networks. Written in Python.

tags | tool, remote, scanner, python
systems | linux, unix
SHA-256 | af46bf1f61d6ac25ffe9a21f178bbd9262eb64e48d53371b8aa3e0e2721606b2
Secunia Security Advisory 46061
Posted Nov 13, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Cisco Identity Services Engine, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | cisco
SHA-256 | fc3600706f51e1546a762079fcd2efa095d15a261086c5e9113610bb2093559c
Mandriva Linux Security Advisory 2011-169
Posted Nov 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-169 - Security issues were identified and fixed in mozilla NSS, firefox and thunderbird. 22 weak 512-bit certificates issued by the DigiCert Sdn. Bhd certificate authority has been revoked from the root CA storage. Untrusted search path vulnerability in Mozilla Network Security Services might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. Cross-site scripting vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary, local, root, trojan, xss
systems | linux, mandriva
advisories | CVE-2011-3640, CVE-2011-3647, CVE-2011-3648, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, CVE-2011-3655
SHA-256 | 1a5863158a5fd4cd434856d62ecc7ece84182035492db44cb1f4705128b08a17
Page 4 of 4
Back1234Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close