exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 100 RSS Feed

Files

VMWare Horizon 5.4 DLL Hijacking
Posted May 22, 2017
Authored by Owais Mehtab, Tayeeb Rana

VMWare Horizon client version 5.4 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 05cb35186f2e5f6b2221c1ab68f277a67270ad790351e64db88411655e075325

Related Files

Mandriva Linux Security Advisory 2012-082
Posted May 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-082 - Multiple vulnerabilities has been discovered and corrected in pidgin. A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests. Incoming messages with certain characters or character encodings can cause clients to crash. This update provides pidgin 2.10.4, which is not vulnerable to these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-2214, CVE-2012-2318
SHA-256 | 8250736d53c4ff0aec14a41ffb644124cf6f919a74bff10c3a67955e6c661991
Novell Client 4.91 SP3/4 Privilege Escalation
Posted May 23, 2012
Authored by sickness

Novell Client version 4.91 SP3/4 privilege escalation exploit for Win2K3 and WinXP.

tags | exploit
systems | windows
advisories | CVE-2007-5762
SHA-256 | 4ec2f8f29147c1ce17f8421e5cc26463ec7e91ac339c0dc03fbab345bff2b6fd
Red Hat Security Advisory 2012-0678-01
Posted May 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0678-01 - PostgreSQL is an advanced object-relational database management system. The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by an SQL command. This SQL command might then be executed by a privileged user during later restore of the backup dump, allowing privilege escalation. When configured to do SSL certificate verification, PostgreSQL only checked the first 31 characters of the certificate's Common Name field. Depending on the configuration, this could allow an attacker to impersonate a server or a client using a certificate from a trusted Certificate Authority issued for a different name.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0866, CVE-2012-0867, CVE-2012-0868
SHA-256 | a11a5493acd610cf7f4bfdc27b2eba1d9d44ea753011012d38733b38292f077e
Mandos Encrypted File System Unattended Reboot Utility 1.5.4
Posted May 20, 2012
Authored by Teddy | Site fukt.bsnet.se

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

Changes: Bugfixes (some for regression bugs) for the server and related utilities.
tags | remote, root
systems | linux, unix
SHA-256 | 16900475f719f8394ae99a19bad4cf17fa77baa7b0eaea068548cdbae183151c
Mandriva Linux Security Advisory 2012-073
Posted May 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-073 - A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers. The updated packages have been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2012-2333
SHA-256 | 54666cdfa2efbdfef9bc70d2dfc67f9deaea6c7ad3fe4059fb274292752c2164
Windows Kernel ReadLayoutFile Heap Overflow
Posted May 10, 2012
Authored by Core Security Technologies, Fernando Russ | Site coresecurity.com

Core Security Technologies Advisory - There is a bug in the ReadLayoutFile Windows Kernel function that can be leveraged into a local privilege escalation exploit, potentially usable in a client-side attack scenario or after a remote intrusion by other means.

tags | advisory, remote, kernel, local
systems | windows
advisories | CVE-2012-0181
SHA-256 | ad5c6d91d11d4dcc9b8463439354e1e8142812d8ed2bc300fc637ac6cc763462
FreeBSD Security Advisory - OpenSSL
Posted May 3, 2012
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. OpenSSL support for handshake restarts for server gated cryptography (SGC) can be used in a denial-of-service attack. Various other OpenSSL issues have also been addressed.

tags | advisory
systems | freebsd
advisories | CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, CVE-2012-0884, CVE-2012-2110
SHA-256 | a5bef5136c533b9f68af4bc039c5c33bcdfa740e1cf6dd569a94090e8f39f3ee
Debian Security Advisory 2464-1
Posted May 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2464-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-0467, CVE-2012-0470, CVE-2012-0471, CVE-2012-0477, CVE-2012-0479
SHA-256 | de1b1c55cd9c3d5c90de543ad9cd2940ad37ba970418465acaa631fec87fd43a
MyClientBase 0.12 SQL Injection
Posted May 2, 2012
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

MyClientBase version 0.12 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b7fc2238aed5ab1e70ae61511ad44b038b27240a1cca816e23559c301be74444
Red Hat Security Advisory 2012-0532-01
Posted May 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0532-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

tags | advisory, web
systems | linux, redhat
SHA-256 | 5f4958faa1940ec84e49215c74c654681567d9cc83e76643a347de582c9f6943
Red Hat Security Advisory 2012-0529-01
Posted May 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0529-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.

tags | advisory, java, protocol, python
systems | linux, redhat
advisories | CVE-2011-3620
SHA-256 | 864d3ffb6d608bfe2b2a71547be9daddfd9edd1ae1ae007b72b5a714344c542e
Red Hat Security Advisory 2012-0528-01
Posted May 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0528-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.

tags | advisory, java, protocol, python
systems | linux, redhat
advisories | CVE-2011-3620
SHA-256 | 8e1f635af01186e162dc449d1ea4804d08755de2a9e4dd9ac3b2e49a7e04c767
Samhain File Integrity Checker 3.0.4
Posted May 1, 2012
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: This release fixes inotify-related bugs leading to extraneous "file not found" reports.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | 94dad2184e4ccfe8bb52bebf3d33dc6d653dfad67dc23d4198e3f1a6deb8463b
Secunia Security Advisory 48961
Posted May 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been discovered in MyClientBase, which can be exploited by malicious users to conduct script insertion and SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | abcfc417125b79418334de95d45149a23aea5e879f29544fcb66263eecdc0729
Red Hat Security Advisory 2012-0516-01
Posted Apr 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0516-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in Sanitiser for OpenType, used by Thunderbird to help prevent potential exploits in malformed OpenType fonts. Malicious content could cause Thunderbird to crash or, under certain conditions, possibly execute arbitrary code with the privileges of the user running Thunderbird. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2011-3062, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479
SHA-256 | 0bf5163662f42c2a166ea76e85e9a4cc7f993ff980df574262198b7071fcb1e2
Debian Security Advisory 2453-1
Posted Apr 16, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2453-1 - Several vulnerabilities have been discovered in gajim, a feature-rich jabber client.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2012-2093, CVE-2012-2086, CVE-2012-2085
SHA-256 | bd105df7fba5991e582b3c8ae56d9c2086f0b1c465a2185562b29411c942cbb9
Secunia Security Advisory 48674
Posted Apr 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Quest Connection Broker Client ActiveX Control, which can be exploited by malicious people to manipulate certain data.

tags | advisory, activex
SHA-256 | b1287355cd333970e53efed6cdfb22e9a60f55330dc304939d6e4b6b944959c7
Quest vWorkspace 7.5 Remote File Creation / Overwrite
Posted Apr 6, 2012
Authored by rgod | Site retrogod.altervista.org

Quest vWorkspace version 7.5 Connection Broker client active-x control pnllmcli.dll version 7.5.304.547 suffers from a SaveMiniLaunchFile() method remote file creation / overwrite vulnerability.

tags | exploit, remote, activex
SHA-256 | 1374e5faa52d12488546d133528c7d7597d9e842bbf2b7a9ba602df0b39708c0
Ubuntu Security Notice USN-1418-1
Posted Apr 6, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1418-1 - Alban Crequy discovered that the GnuTLS library incorrectly checked array bounds when copying TLS session data. A remote attacker could crash a client application, leading to a denial of service, as the client application prepared for TLS session resumption. Matthew Hall discovered that the GnuTLS library incorrectly handled TLS records. A remote attacker could crash client and server applications, leading to a denial of service, by sending a crafted TLS record. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2011-4128, CVE-2012-1573, CVE-2011-4128, CVE-2012-1573
SHA-256 | 13bc1e954c5707a74014e86b9b7592f3b622b5e97b35e85f4312492b2cad81f0
Secunia Security Advisory 48603
Posted Apr 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Wonderware Information Server and Invensys Wonderware Historian Client, which can be exploited by malicious people to conduct cross-site scripting attacks, conduct SQL injection attacks, bypass certain security restrictions, and compromise a vulnerable system.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | e3becaa970343f126481b68f4dfa5161155de42fdba59815e730767e09805745
Mandriva Linux Security Advisory 2012-047
Posted Apr 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-047 - The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate. The updated packages have been patched to correct this issue.

tags | advisory, remote, protocol
systems | linux, mandriva
advisories | CVE-2011-2701
SHA-256 | 993d182b26662e6aa300645b83f0d7ecd09a0a5eab170d2d1d2c3096abf64879
BulletProof FTP Client 2010 Buffer Oveflow
Posted Apr 2, 2012
Authored by Julien Ahrens, Vulnerability Laboratory | Site vulnerability-lab.com

BulletProof FTP Client 2010 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | da2f4783654c5380123c4e604cf4c7e32cbe8268b49ea2738f7e9f1687be93d8
Mandriva Linux Security Advisory 2012-045
Posted Mar 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-045 - Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service via a large SessionTicket. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2011-4128
SHA-256 | 9d3027f3aebc071f3740544e88a82db2c4435c748db9687f95fffe022c747c8e
Secunia Security Advisory 48602
Posted Mar 30, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Camera Stream Client ActiveX Control, which can be exploited by malicious people to compromise a user's system.

tags | advisory, activex
SHA-256 | 0f4504cc49e35bf338bc479bad45e5714cbb5312754432f200fd859dc09d41e8
Samhain File Integrity Checker 3.0.3
Posted Mar 28, 2012
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Some bugs that could lead to deadlocks have been fixed, as well as the missing support for O_NOATIME on 64-bit Linux.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
SHA-256 | c8c3069e78dcb8b749a066c7c3bfcea1168243f75afe69a91a6330c99efd9ae4
Page 4 of 4
Back1234Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close