what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

WebFairy Mediat 1.4.1 Cross Site Scripting
Posted Dec 31, 2018
Authored by Deyaa Muhammad

WebFairy Mediat version 1.4.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 488022a41f8657d47f7d7a95a84e659a

Related Files

Packet Fence 3.5.0
Posted Aug 2, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This major release focuses on new features and enhancements. It adds a remediation module for SourceFire 3D, the ability to have different captive portals depending on the SSID you connect to, a new Web-based configuration tool which eases the installation and configuration process of a new PacketFence installation, and complete Suricata support.
tags | tool, remote
systems | unix
MD5 | 6a37889c02072ccc8a6fb731191bc477
ImmediateCrypt 1.0
Posted Jul 8, 2012
Authored by Giacomo Drago | Site code.google.com

ImmediateCrypt can easily encrypt and decrypt plain text messages with the AES-256 algorithm (CBC block chaining, PKCS5 padding).

Changes: This release trims Ciphertext and Plaintext before encryption, adds an "about" window, creates a portable build.xml file, adds a program icon, and adds small fixes and improvements.
tags | tool, java, encryption
MD5 | 755de7208307196164bf12050e749ae3
Red Hat Security Advisory 2012-0811-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0811-04 - The php-pecl-apc packages contain APC, the framework for caching and optimization of intermediate PHP code. A cross-site scripting flaw was found in the "apc.php" script, which provides a detailed analysis of the internal workings of APC and is shipped as part of the APC extension documentation. A remote attacker could possibly use this flaw to conduct a cross-site scripting attack. Note: The administrative script is not deployed upon package installation. It must manually be copied to the web root .

tags | advisory, remote, web, root, php, xss
systems | linux, redhat
advisories | CVE-2010-3294
MD5 | c1f2e2155f67e7037dd2ce43ca63f41c
Packet Fence 3.4.0
Posted Jun 14, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This major release focuses on new features and enhancements, including Brocade and H3C hardware support, Debian Squeeze support, more custom VLAN support, node bulk importation improvements, new bandwidth graphs, performance tweaks, stability improvements, and a security fix.
tags | tool, remote
systems | unix
MD5 | 5d3c2d88854b1b904d2813865e82fc7f
Epicor Returns Management SOAP-Based Blind SQL Injection
Posted May 18, 2012
Authored by Digital Defense, r@b13$, Chris Graham | Site digitaldefense.net

Digital Defense, Inc. (DDI) has discovered a blind SQL injection vulnerability in the Epicor Returns Management software SOAP interface. Left unremediated, this vulnerability could be leveraged by an attacker to execute arbitrary SQL commands and extract information from the backend database using standard SQL exploitation techniques. Additionally, an attacker may be able to leverage this flaw to compromise the database server host operating system.

tags | advisory, arbitrary, sql injection
MD5 | 755a65afc10d5474042e3617ff61f528
OpenOffice.org vclmi.dll Integer Overflow
Posted May 16, 2012
Authored by TieLei Wang

A vulnerability is caused due to an integer overflow error in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow via, for example using a specially crafted JPEG object within a DOC file. OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.

tags | advisory, overflow
advisories | CVE-2012-1149
MD5 | 0d853304d9491d0cb7d8fb6c76e96fe2
Packet Fence 3.3.0
Posted Apr 16, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: A major release focused on new features and enhancements. AlliedTelesis switches support. Introduction of Role-Based Access Control (RBAC) for Aruba, AeroHIVE, Meru, and Motorola equipment. Guests can now pre-register in advance or have their network access sponsored. Simplified inline enforcement. Several new configuration parameters that affects guest handling. Noteworthy fixes include a RADIUS Identity privacy fix and Captive portal look on mobile devices (smartphones and tablets). There is some polishing and translation updates.
tags | tool, remote
systems | unix
MD5 | 3069c96b7d5af21f0c3b193d0195c8a6
Packet Fence 3.2.0
Posted Feb 24, 2012
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This is a major release focused on new features and enhancements. It has OpenVAS Vulnerability Assessment integration for free client-side policy compliance. Per-user bandwidth limits can be imposed using RADIUS accounting information. A new billing engine was integrated in the captive portal, allowing a variety of paid-for Internet access workflows. Several performance enhancements and more robust handling of configuration mistakes. Many bugfixes, small enhancements, and translation updates.
tags | tool, remote
systems | unix
MD5 | e3c93a5998bfe7fa97f4a2bdc0ee59e5
Zero Day Initiative Advisory 12-032
Posted Feb 23, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses structures for a specific tag descriptor with a specific ICC color profile. When handling a field from this structure, the application will incorrectly check for signedness and then perform an operation on it. This will then get passed to an allocation. Immediately following this, the application will use a different size to initialize the allocation. This can lead to a controllable memory corruption which can be leveraged to achieve code execution under the context of the application.

tags | advisory, java, remote, arbitrary, code execution
MD5 | e918e5f728fffc6e2f50af6885efd54e
Packet Fence 3.1.0
Posted Dec 24, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: A major release focused on new features and enhancements. Statement of Health (SoH) support for reliable client-side policy compliance, detection of rogue DHCP Servers through routers, RADIUS Change of Authorization (RFC3576) support for reliable and fast authorization changes, new charts in Web Admin, wireless profile provisioning for iPod, iPhone, and iPad devices, SNMP traps overload protection, improved captive portal detection on Mac OS X Lion and mobile devices, and support for stacked Cisco 3750 switches. There are also the usual minor performance optimizations and several bugfixes.
tags | tool, remote
systems | unix
MD5 | 256f88b08fbf6440711b79a995e293f2
Zero Day Initiative Advisory 11-350
Posted Dec 19, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-350 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Enterasys Netsight. Authentication is not required to exploit this vulnerability. The flaw exists within the nssyslogd.exe component which listens by default on UDP port 514. When parsing a new syslog message the process attempts to copy the PRIO field to an intermediate variable. The process does not properly validate the size of the destination buffer and blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, udp
MD5 | 4858d25eded541cbb4a4ca6489615a45
Packet Fence 3.0.3
Posted Nov 22, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: A minor release focused on important fixes but with some enhancements. There are performance improvements, Cisco 6500 switch support, better support for the HP Procurve 5400, translation improvements, new add-on tools, and better documentation. There are cosmetic changes in the Web Admin, fixes for some network device problems, several inline enforcement improvements, and handling of some captive portal corner cases.
tags | tool, remote
systems | unix
MD5 | cc3429f5d272c133cdb59915934b3ef6
CA Directory Insufficient Bounds Checking
Posted Nov 17, 2011
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. Remediation is available to address the vulnerability. The vulnerability occurs due to insufficient bounds checking. A remote attacker can send a SNMP packet that can cause a crash.

tags | advisory, remote, denial of service
advisories | CVE-2011-3849
MD5 | 914494bd4245b28b5e156d761a1640b8
Debian Security Advisory 2343-1
Posted Nov 10, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2343-1 - Several weak certificates were issued by Malaysian intermediate CA "Digicert Sdn. Bhd." This event, along with other issues, has lead to Entrust Inc. and Verizon Cybertrust to revoke the CA's cross-signed certificates.

tags | advisory
systems | linux, debian
MD5 | 17c2762d8ad9bd49643f7a01447b5b84
Cisco Security Advisory 20111109-telepresence-c-ex-serie
Posted Nov 9, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Software that runs on Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices was updated to include secure default configurations beginning with the TC4.0 release. This change was accompanied by the release of Cisco Security Advisory cisco-sa-20110202-tandberg. Due to a manufacturing error, Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices that were distributed between November 18th, 2010 and September 19th, 2011 may have the root account enabled. Information on how to identify affected devices is available in the Details section of this advisory. Information on how to remediate this issue is available in the Workarounds section of this advisory.

tags | advisory, root
systems | cisco
MD5 | 4355f32309ad80c570f348d432ef874f
X Certificate And Key Management 0.9.1
Posted Nov 8, 2011
Authored by Kerstin Steinhauff, Christian Hohnstadt, Geoff Beier, Ilya Kozhevnikov, Wolfgang Glas | Site xca.hohnstaedt.de

XCA is an interface for managing RSA and DSA keys, certificates, certificate signing requests, revocation lists and templates. It uses the OpenSSL and Qt4 libraries. Certificates and requests can be created and signed and many x509v3 extensions can be added. XCA supports multiple root and intermediate Certificate authorities. The CAs can be used to create CRLs and extend certificates. The following file-formats are supported: PEM, DER, PKCS#7, PKCS#8, PKCS#10, PKCS#12, and SPKAC.

Changes: This release adds search functionality for PKCS#11 libraries, allows display of x509v3 extensions as columns in the certificate and request list, and supports exporting of requests and certificates as openssl config files. It also fixes some bugs.
tags | tool, root, encryption
systems | unix
MD5 | 53926d86ba9fc251b59f0dd154f2e3db
Zero Day Initiative Advisory 11-317
Posted Nov 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-317 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the inclusion and usage of an antique ActiveX control (mscomct2.ocx: Tue Mar 14 18:39:28 2000). Though mscomct2.ocx has been killbitted, it is accessed by ZENWorks via an intermediate control (ISList.ISAvi) which is scriptable. Multiple vulnerabilities in mscomct2.ocx can be exploited to execute arbitrary code on the host system in the context of the browser.

tags | advisory, remote, arbitrary, vulnerability, activex
advisories | CVE-2011-2658
MD5 | 67cb09384a5ccf6a071badd0ec5e40eb
Red Hat Security Advisory 2011-1423-01
Posted Nov 3, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1423-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483
MD5 | 57edf89e5b8e62dead56ef52361565ab
Packet Fence 3.0.2
Posted Oct 25, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This minor release focused on small improvements and fixes, including some security fixes. Enhancements included Trapeze hardware support, support for wireless devices in bridge mode, and guest management options put behind configurable values. There were several inline enforcement and guest management fixes, changes to default firewall rules, fixes for long-standing issues with the pie charts in the Web admin, and several other minor bugfixes.
tags | tool, remote
systems | unix
MD5 | d4b6326a15c0c37a8e72de4feadceb18
Red Hat Security Advisory 2011-1378-01
Posted Oct 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1378-01 - PostgreSQL is an advanced object-relational database management system. A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-2483
MD5 | d429b9a9e1cdfb63709c0fe03beb0598
Red Hat Security Advisory 2011-1377-01
Posted Oct 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1377-01 - PostgreSQL is an advanced object-relational database management system. A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-2483
MD5 | 106d651153f2bfa2304df0d4bf2c234a
Packet Fence 3.0.0
Posted Sep 22, 2011
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: This is a major release focused on several new features. It has a redesigned captive portal, complete guest management including self-registration of devices by email activation or SMS, and pre-registered guest creation by administrators. It has a new feature to secure network access on unmanageable (consumer) devices (so-called inline enforcement). Bandwidth tracking with RADIUS accounting, RHEL / CentOS 6 support, and several usability improvements are in as well. Several things that annoyed the developers but that involved breaking changes have been fixed.
tags | tool, remote
systems | unix
MD5 | 607aa26917c3f6b642e4065a34fb3683
Mandriva Linux Security Advisory 2011-133-1
Posted Sep 17, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-133 - Security issues were identified and fixed in mozilla firefox and thunderbird. As more information has come to light about the attack on the DigiNotar Certificate Authority they have improved the protections added in MFSA 2011-34. The main change is to add explicit distrust to the DigiNotar root certificate and several intermediates. Removing the root as in their previous fix meant the certificates could be considered valid if cross-signed by another Certificate Authority.

tags | advisory, root
systems | linux, mandriva
MD5 | 68fa865b88af3ca51a3520f46013c90b
Mandriva Linux Security Advisory 2011-133
Posted Sep 8, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-133 - Security issues were identified and fixed in mozilla firefox and thunderbird. As more information has come to light about the attack on the DigiNotar Certificate Authority, Mandriva has improved the protections added in MFSA 2011-34. The main change is to add explicit distrust to the DigiNotar root certificate and several intermediates. Removing the root as in their previous fix meant the certificates could be considered valid if cross-signed by another Certificate Authority. 's control that did not chain to DigiNotar's root and were not previously blocked.

tags | advisory, root
systems | linux, mandriva
MD5 | 26a9df4779f77d42bde41c94390d364d
Cisco Security Advisory 20110824-cucm-cups
Posted Aug 25, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Communications Manager (previously known as Cisco CallManager) and Cisco Unified Presence Server contain an open query interface that could allow an unauthenticated, remote attacker to disclose the contents of the underlying databases on affected product versions. Cisco has released free updated software for most supported releases. A security patch file is also available for all supported versions that will remediate this issue. The patch may be applied to active systems without requiring a reload. Customers are advised to apply a fixed version or upgrade to a fixed train. Customers who need to stay on a version for which updated software is not currently available or who can not immediately apply the update are advised to apply the patch. No workarounds are available for this issue.

tags | advisory, remote
systems | cisco
advisories | CVE-2011-1643
MD5 | 64b9022e7bb7d22aac7c57fdc7e07b47
Page 1 of 4
Back1234Next

File Archive:

May 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    14 Files
  • 2
    May 2nd
    3 Files
  • 3
    May 3rd
    1 Files
  • 4
    May 4th
    18 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    21 Files
  • 7
    May 7th
    15 Files
  • 8
    May 8th
    19 Files
  • 9
    May 9th
    1 Files
  • 10
    May 10th
    2 Files
  • 11
    May 11th
    18 Files
  • 12
    May 12th
    39 Files
  • 13
    May 13th
    15 Files
  • 14
    May 14th
    17 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    2 Files
  • 17
    May 17th
    2 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    21 Files
  • 20
    May 20th
    15 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    6 Files
  • 23
    May 23rd
    1 Files
  • 24
    May 24th
    1 Files
  • 25
    May 25th
    2 Files
  • 26
    May 26th
    23 Files
  • 27
    May 27th
    13 Files
  • 28
    May 28th
    18 Files
  • 29
    May 29th
    17 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close