what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Disk Savvy Enterprise 9.9.14 Buffer Overflow
Posted Aug 25, 2017
Authored by Nipun Jaswal, Anurag Srivastava

Disk Savvy Enterprise version 9.9.14 buffer overflow exploit.

tags | exploit, overflow
SHA-256 | 5c8b5ab18d37e5da0ee71bf65a0be4813f665141aeb5c9f7d9bed9c4c0fe4018

Related Files

Red Hat Security Advisory 2012-1166-01
Posted Aug 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1166-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The RHSA-2012:0035 update for JBoss Enterprise Web Server 1.0.2 introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | f780b0c2beb4f13cd5fd92b554dd4ba5fbcdbbc13f13e931837e863861773d32
Red Hat Security Advisory 2012-1165-01
Posted Aug 14, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1165-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.0. It includes various bug fixes. The following security issue is also fixed with this release: It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.

tags | advisory, remote, arbitrary, code execution, csrf
systems | linux, redhat
advisories | CVE-2011-2908
SHA-256 | 60f263a40e9847b3704eea8775ecc38544cbf434846d76a7dc6b54f11d8bced7
Secunia Security Advisory 50230
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise SOA Platform. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
systems | linux, redhat
SHA-256 | 7cb92e717aabbd61ab9ef2fd11503b990d815ba8ad87257cf957ee7641b15720
Secunia Security Advisory 50261
Posted Aug 13, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - McAfee has acknowledged two vulnerabilities in McAfee Firewall Enterprise, which can be exploited by malicious people to conduct spoofing attacks and cause a DoS (Denial of Service).

tags | advisory, denial of service, spoof, vulnerability
SHA-256 | fce61d5a0d2fce2172e0c4b18629893c0b5564ba15155be59158debca55f2426
Mandriva Linux Security Advisory 2012-129-1
Posted Aug 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted. Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues. The wrong set of packages was sent out with the MDVSA-2012:129 advisory that lacked the fix for CVE-2006-1168. This advisory provides the correct packages.

tags | advisory, remote, denial of service, arbitrary, shell, code execution
systems | linux, mandriva
advisories | CVE-2006-1168, CVE-2011-2716
SHA-256 | c7875eb533c9d6beb3425c1a97fe6ed841b9a1c6086b68f13fd555c85ebb7760
Mandriva Linux Security Advisory 2012-129
Posted Aug 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-129 - The decompress function in ncompress allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. A missing DHCP option checking / sanitization flaw was reported for multiple DHCP clients. This flaw may allow DHCP server to trick DHCP clients to set e.g. system hostname to a specially crafted value containing shell special characters. Various scripts assume that hostname is trusted, which may lead to code execution when hostname is specially crafted. Additionally for Mandriva Enterprise Server 5 various problems in the ka-deploy and uClibc packages was discovered and fixed with this advisory. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, arbitrary, shell, code execution
systems | linux, mandriva
advisories | CVE-2006-1168, CVE-2011-2716
SHA-256 | 741a2545d765d1e9854cdcbf178dc20b6ca0f8fc1357ad76b6a268fa5cadabc4
Red Hat Security Advisory 2012-1152-01
Posted Aug 9, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1152-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. It was found that the JMX Console did not protect against Cross-Site Request Forgery attacks. If a remote attacker could trick a user, who was logged into the JMX Console, into visiting a specially-crafted URL, the attacker could perform operations on MBeans, which may lead to arbitrary code execution in the context of the JBoss server process.

tags | advisory, remote, arbitrary, code execution, csrf
systems | linux, redhat
advisories | CVE-2011-2908
SHA-256 | 541ebbf92a7b69b98f4d8f15cc4138c7a7f8c74ac83e8b5ebf8bc57eb5032ebc
EmailArchitect Enterprise Email Server 10.0 Cross Site Scripting
Posted Aug 8, 2012
Authored by loneferret

EmailArchitect Enterprise Email Server version 10.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-2591
SHA-256 | 1d614ed71a8927d8aefe626bbcff7dd35a56dc0ab018757a65f61785d9f38e5f
MailEnable Enterprise 6.5 Cross Site Scripting
Posted Aug 8, 2012
Authored by loneferret

MailEnable Enterprise version 6.5 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2012-2588
SHA-256 | fd72faeb58eb75ffa50d2abc0e461b01e20ed0f5d946c64e0d92334ec5a8ef56
Secunia Security Advisory 50084
Posted Aug 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise SOA Platform. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
systems | linux, redhat
SHA-256 | 0b8185dd9007da0da65f2831d65d1f08f5e146db7dccb14083cf8198240ddf3b
Secunia Security Advisory 50082
Posted Aug 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oliver Karow has reported a vulnerability in Dr.Web Enterprise Server, which can be exploited by malicious people to conduct script insertion attacks.

tags | advisory, web
SHA-256 | 3b188db5b0899dec36da8130b99004bd387ed3311bf6ac0e994df56bf0bad7a9
Red Hat Security Advisory 2012-1130-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1130-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way the pyGrub boot loader handled compressed kernel images. A privileged guest user in a para-virtualized guest could use this flaw to create a crafted kernel image that, when attempting to boot it, could result in an out-of-memory condition in the privileged domain.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2012-2625
SHA-256 | 42dc7fc7f4242c34b5fee2c87659f3b6aa1715f04f6efce9032ba41dce31257a
Red Hat Security Advisory 2012-1125-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1125-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. This release of JBoss Enterprise SOA Platform 5.3.0 serves as a replacement for JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise SOA Platform 5.3.0 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-3506, CVE-2011-3517, CVE-2011-4605, CVE-2011-4838, CVE-2012-0079, CVE-2012-0818, CVE-2012-2377
SHA-256 | b8d763d67a55bbd9739b6389ec7a18b563c208224d53204c1a9cca5f0d61037e
Secunia Security Advisory 50048
Posted Jul 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adaptive Server Enterprise, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | efb8365869e395dfc8adf202e5f9dafea448cca331bd66abc450b9c2081675b0
Red Hat Security Advisory 2012-1109-01
Posted Jul 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | 78dd41f8b5b34025ec971ccb9596f9551cde8d2534b3816a8c8e07e50a8da9ef
Red Hat Security Advisory 2012-1103-01
Posted Jul 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1103-01 - Red Hat Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. Multiple cross-site scripting flaws were discovered in the Red Hat Certificate System Agent and End Entity pages. An attacker could use these flaws to perform a cross-site scripting attack against victims using Certificate System's web interface. It was discovered that Red Hat Certificate System's Certificate Manager did not properly check certificate revocation requests performed via its web interface. An agent permitted to perform revocations of end entity certificates could use this flaw to revoke the Certificate Authority certificate.

tags | advisory, web, xss
systems | linux, redhat
advisories | CVE-2012-2662, CVE-2012-3367
SHA-256 | c03295adba0c38b673534445461d9e0f2403b0a707f4b0ff13948486ba0bf7ff
Secunia Security Advisory 49951
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise PeopleTools, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, denial of service, vulnerability
SHA-256 | b5d784a71f062db6e4b27ceff58db1b3b0beaac0288483c9abfe4a81be41465b
Secunia Security Advisory 49956
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged a vulnerability in GlassFish Enterprise Server, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 3df7185d886727ee44ab94155fe544c3ef2021707fe750959c9aa90dc0dac500
Secunia Security Advisory 49937
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Oracle Enterprise Manager Grid Control, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 513eacae48f1e294e30fe15d45c796f7555109648fb9c7eb51e8d7f947993e5c
Secunia Security Advisory 49950
Posted Jul 19, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise Human Resource Management System (HRMS), which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.

tags | advisory, vulnerability
SHA-256 | ab608f7d66c5d5b9d7bec4dec013873d5115b23e78489b9ff5d33b1bbaa74a49
Red Hat Security Advisory 2012-1072-01
Posted Jul 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1072-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Web Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform's "jboss-as-web/server/production/lib/jbosscache-core.jar" file.

tags | advisory, web, local
systems | linux, redhat
advisories | CVE-2012-0034
SHA-256 | 93bea0be82c69ad3873bede014261e6a38de6d2554a91c52656507e218e00584
Having Fun With VirusScan Enterprise
Posted Jul 12, 2012
Authored by Mert SARICA | Site mertsarica.com

VirusScan Enterprise Antivirus product may have a bug (or a vulnerability) in its parser that can lead to wrong action status messages and reports, malicious file scan bypass, and name spoofing by adding the magic line to the beginning of the file header.

tags | paper, spoof, virus
SHA-256 | 2245ea07c6a13e3cfa317e75e1bd13e79210f3bafacb32336208b8c41a1e3a8f
HP Security Bulletin HPSBGN02750 SSRT100795
Posted Jul 6, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN02750 SSRT100795 - A potential security vulnerability has been identified with HP ProtectTools Enterprise Device Access Manager (EDAM) running on Windows. The vulnerability can be remotely exploited to cause execution of arbitrary code or Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary
systems | windows
advisories | CVE-2011-4162
SHA-256 | c7ad390241b64e42daf8b351f742066605d9b1bf6886bd6f5c66ae7fe0eace42
Red Hat Security Advisory 2012-1053-01
Posted Jul 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1053-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Web Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | be342307962d2a0aba931e86cb2c6c1accf14360770bfcdedc4165480978b07d
Red Hat Security Advisory 2012-1052-01
Posted Jul 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1052-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Application Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | ee17c0226e885f70c197193cd8587c7e1e7303d76510efafd7f64a7c8aa78b8b
Page 1 of 4
Back1234Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    7 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close