what you don't know can hurt you
Showing 76 - 100 of 100 RSS Feed

Files

Oracle E-Business Suite 12.1.3 XXE Injection
Posted Oct 29, 2015
Authored by Alexey Tyurin, Ivan Chalykin, Nikita Kelesis

Oracle E-Business Suite version 12.1.3 suffers from an XXE injection vulnerability in the /OA_HTML/copxml servlet.

tags | advisory, xxe
advisories | CVE-2015-4886
MD5 | 9bdd1acc097b3690a708a7ce77004558

Related Files

zFTPServer Suite 6.0.0.52 Directory Traversal
Posted Dec 12, 2011
Authored by Stefan Schurtz

zFTPServer Suite version 6.0.0.52 suffers from a rmdir directory traversal vulnerability.

tags | exploit
advisories | CVE-2011-4717
MD5 | eb92f30d98482c604400b3dec96586a3
Ettercap Network Sniffer / Interceptor 0.7.4
Posted Dec 6, 2011
Authored by Alberto Ornaghi, Marco Valleri | Site ettercap.sourceforge.net

Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like SSH and HTTPS). Data injection in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.

Changes: Many long standing bugs were fixed: a resource depletion issue, buffer access out-of-bounds issues, DNS dissector not working on 64-bit systems, multiple buffer overflows, multiple memory leaks, multiple files with obsolete code, SEND L3 errors experienced by some users, and a compilation error under Mac OS X Lion. The build system was updated.
tags | tool, web, sniffer, protocol
systems | unix
MD5 | 6846d76af94c0c1c1eb107d1913cc768
Avid Media Composer 5.5 - Avid Phonetic Indexer Stack Overflow
Posted Dec 3, 2011
Authored by Nick Freeman | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in process AvidPhoneticIndexer.exe (port 4659), which comes as part of the Avid Media Composer 5.5 Editing Suite. This daemon sometimes starts on a different port; if you start it standalone it will run on port 4660.

tags | exploit, overflow
advisories | OSVDB-77376
MD5 | c4fdcbd39db3ab6e312ae7a02000ae94
HP Security Bulletin HPSBUX02725 SSRT100627
Posted Nov 24, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02725 SSRT100627 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow authentication bypass, allow cross-site scripting (XSS), gain unauthorized access, or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability, xss
systems | hpux
advisories | CVE-2010-3718, CVE-2010-4476, CVE-2011-0013, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190
MD5 | 78b8c944a8723e2c2c2dfb9ecab0640d
Debian Security Advisory 2342-1
Posted Nov 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2342-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
MD5 | 29e08a0d7f0ff415d109dce47ab10613
Secunia Security Advisory 46768
Posted Nov 7, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability with an unknown impact has been reported in vBulletin Publishing Suite.

tags | advisory
MD5 | ef792cd1f4d8d565fb59805976682abf
Secunia Security Advisory 46210
Posted Oct 31, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Norman Security Suite, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
MD5 | 71a13eee8eb60a568a638b467e317c07
Secunia Security Advisory 46610
Posted Oct 28, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Buguroo Offensive Security has discovered a vulnerability in Trend Micro InterScan Web Security Suite for Linux, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, web, local
systems | linux
MD5 | 2065536ad5bb2a2b6a894b7fb462a60a
Secunia Security Advisory 46562
Posted Oct 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Tele-Consulting has reported multiple vulnerabilities in Alcatel-Lucent OmniTouch 8400 Instant Communication Suite, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
MD5 | 5fc23edcca764bd7ecd70f2790b0aca6
OmniTouch Instant Communication Suite XSRF / XSS
Posted Oct 25, 2011
Authored by Tobias Glemser

OmniTouch Instant Communication Suite suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 8e0e2e7732c9f0463225ff6e8da6929c
Secunia Security Advisory 46504
Posted Oct 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle E-Business Suite, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data and by malicious people to manipulate certain data.

tags | advisory, vulnerability
MD5 | 0c01a3032370c4a90239b8a9d4acdf64
Debian Security Advisory 2315-1
Posted Oct 5, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2315-1 - Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple vulnerabilities in the binary Microsoft Word (doc) file format importer of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft(R) Office.

tags | advisory, vulnerability
systems | linux, redhat, debian
advisories | CVE-2011-2713
MD5 | 09ef1ddbc441816e1d52046ba14b2d40
CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection
Posted Oct 4, 2011
Authored by MC | Site metasploit.com

This Metasploit module exploits an sql injection flaw in CA Total Defense Suite R12. When supplying a specially crafted soap request to '/UNCWS/Management.asmx', an attacker can abuse the reGenerateReports stored procedure by injecting arbitrary sql statements into the ReportIDs element. NOTE: This Metasploit module was tested against the MS SQL Server 2005 Express that's bundled with CA Total Defense Suite R12. CA's Total Defense Suite real-time protection will quarantine the default framework executable payload. Choosing an alternate exe template will bypass the quarantine.

tags | exploit, arbitrary, sql injection
advisories | CVE-2011-1653, OSVDB-74968
MD5 | 6a356255e93f9eb4c38b4f05b060dede
TLS/SSL Hardening And Compatibility Report
Posted Sep 30, 2011
Authored by Thierry Zoller | Site g-sec.lu

This report gives general recommendations as to how to configure SSL/TLS in order to provide state of the art authentication and encryption. The options offered by SSL engines grew from the early days since Netscape developed SSL2.0. The introduction of TLS made matters more challenging as servers and clients offer different sets of available options depending on which SSL engine (OpenSSL, NSS, SCHANNEL, etc.) they use. Finding the middle ground has proven difficult especially as the supported protocols and cipher suites are mostly not documented. To make matters more complicated Browsers may not use all functionality offered by the SSL stack, this report will only list functionality used by current Browsers. This report provides an overview of the currently available TLS options across Servers and Clients and allows you to offer support for a wide variety of Browsers an offer "good enough" security.

tags | paper, protocol
MD5 | ea3ba9ca23ddccb36b094184551e503d
Debian Security Advisory 2312-1
Posted Sep 29, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2312-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000
MD5 | 15e7f94d61ddd429cbd7a0cfafdbc482
Mandriva Linux Security Advisory 2011-137
Posted Sep 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-137 - The elliptic curve cryptography subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8s and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages, which allows remote attackers to cause a denial of service via out-of-order messages that violate the TLS protocol.

tags | advisory, remote, denial of service, crypto, protocol
systems | linux, mandriva
advisories | CVE-2011-1945, CVE-2011-3207, CVE-2011-3210
MD5 | d4cdd08b16fe165439352bfa6ccaf846
Mandriva Linux Security Advisory 2011-136
Posted Sep 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-136 - The elliptic curve cryptography subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-1945
MD5 | aad8354635e0daa4188bb666e77c1b6a
Norman Security Suite 8 Privilege Escalation
Posted Sep 28, 2011
Authored by Xst3nZ

Norman Security Suite version 8 nprosec.sys local privilege escalation exploit.

tags | exploit, local
MD5 | 87a28102debcf0d21bea2c092f77ca1f
Upek Protector Suite QL 2011 Buffer Overflow
Posted Sep 26, 2011
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Upek Protector Suite QL 2011 suffers from a buffer overflow vulnerability.

tags | advisory, overflow
MD5 | 2e97d9f7b790825db4bae526cd68e43f
Zero Day Initiative Advisory 11-279
Posted Sep 2, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-279 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Witness Systems eQuality Suite. This application is bundled with Nortel Contact Recording and Quality Monitoring Suite. Authentication is not required to exploit this vulnerability. The flaw exists within the Unify2.exe component which listens by default on TCP port 6821. When handling a packet type the process trusts a remaining packet length value provided by the user and blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp
MD5 | 9769221cd95c31239a20fab1a709a858
ZoneMinder Video Camera Security Tool 1.25.0
Posted Sep 2, 2011
Authored by Philip Coombes | Site zoneminder.com

ZoneMinder is a suite of applications intended for use in video camera security applications, including theft prevention and child or family member monitoring. It supports capture, analysis, recording, and monitoring of video data coming from one or more cameras attached to a Linux system. It also features a user-friendly Web interface which allows viewing, archival, review, and deletion of images and movies captured by the cameras. The image analysis system is highly configurable, permitting retention of specific events, while eliminating false positives. ZoneMinder supports both directly connected and network cameras and is built around the definition of a set of individual 'zones' of varying sensitivity and functionality for each camera. This allows the elimination of regions which should be ignored or the definition of areas which will alarm if various thresholds are exceeded in conjunction with other zones. All management, control, and other functions are supported through the Web interface.

Changes: This release is mainly focused around a complete rewrite of the logging and debug functionality, which now includes a Web log viewer and fully consolidated logging. Support has also been added for SFTP in event uploads. There are also a small number of other useful new features and fixes.
tags | web
systems | linux, unix
MD5 | eaefa14befd482154970541252aa1a39
Secunia Security Advisory 45735
Posted Aug 30, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jose Carlos de Arriba has reported a vulnerability in JAMF Casper Suite, JAMF Recon Suite, and JAMF Imaging Suite, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | e9a85292eb2477b260d7980c813bbe92
Red Hat Security Advisory 2011-1221-01
Posted Aug 30, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1221-01 - Samba is a suite of programs used by machines to share files, printers, and other information. The cifs-utils package contains utilities for mounting and managing CIFS shares. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. It was found that SWAT web pages did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.

tags | advisory, remote, web, arbitrary, xss, csrf
systems | linux, redhat
advisories | CVE-2011-1678, CVE-2011-2522, CVE-2011-2694, CVE-2011-2724
MD5 | d9801246e743b4d38706fb1f357c2111
Red Hat Security Advisory 2011-1220-01
Posted Aug 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1220-01 - Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. It was found that SWAT web pages did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.

tags | advisory, remote, web, arbitrary, xss, csrf
systems | linux, redhat
advisories | CVE-2011-1678, CVE-2011-2522, CVE-2011-2694, CVE-2011-2724
MD5 | a5bf4c36fe233c02cd424d5b58288e3f
Red Hat Security Advisory 2011-1219-01
Posted Aug 29, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1219-01 - Samba is a suite of programs used by machines to share files, printers, and other information. A cross-site scripting flaw was found in the password change page of the Samba Web Administration Tool. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's SWAT session. It was found that SWAT web pages did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, the attacker could perform Samba configuration changes with the privileges of the logged in user.

tags | advisory, remote, web, arbitrary, xss, csrf
systems | linux, redhat
advisories | CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522, CVE-2011-2694
MD5 | 7de3468a79b05efbb20097b9feb2dc7f
Page 4 of 4
Back1234Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close