what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

WordPress Core 5.8.2 SQL Injection
Posted Jan 13, 2022
Authored by Aryan Chehreghani

WordPress Core version 5.8.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2022-21661
SHA-256 | 290da5cda0c4555d189721910ddbcdad3d2627d4297306b55fc39785acd1346a

Related Files

Red Hat Security Advisory 2012-1156-01
Posted Aug 15, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1156-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the i915_gem_execbuffer2() function in the Intel i915 driver in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. A missing initialization flaw was found in the sco_sock_getsockopt_old() function in the Linux kernel's Bluetooth implementation. A local, unprivileged user could use this flaw to cause an information leak.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2011-1078, CVE-2012-2383
SHA-256 | fbd1918309805b53a8e1ad016730e6bf9f865aba9924026c70184a097b192aec
Red Hat Security Advisory 2012-1150-01
Posted Aug 9, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1150-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A memory leak flaw was found in the way the Linux kernel's memory subsystem handled resource clean up in the mmap() failure path when the MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to cause a denial of service. A flaw was found in the way the Linux kernel's Event Poll subsystem handled resource clean up when an ELOOP error code was returned. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local, memory leak
systems | linux, redhat
advisories | CVE-2012-2390, CVE-2012-3375
SHA-256 | ae00975626e02e5ada9e4945acd141f5cbeff3aa43a79e3f31e93828f49e39d6
Red Hat Security Advisory 2012-1148-01
Posted Aug 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1148-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2012-2744
SHA-256 | baa3650c927f75b71009e6046fdee38dd97700186f1927162b03c07e62ab28f7
Red Hat Security Advisory 2012-1129-01
Posted Jul 31, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1129-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2011-1083, CVE-2012-2744
SHA-256 | 6c0b4a58bbe502f34d3cdba3053094775341e381fd60d5e809bd0de7e804b918
Red Hat Security Advisory 2012-1114-01
Posted Jul 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1114-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2012-2744
SHA-256 | 737ca44d3c22f02002125758603606b3bf1912e7077558158feefff2fb692236
XMLCoreServices Vulnerability Analysis
Posted Jul 24, 2012
Authored by Minsu Kim

This document is an analysis of the XMLCoreServices vulnerability as noted in CVE-2012-1889.

tags | paper
advisories | CVE-2012-1889
SHA-256 | 828b379ab4424701b75ce391f88d286539d3a8d455c851c98b434fdae395ec19
Red Hat Security Advisory 2012-1109-01
Posted Jul 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1109-01 - JBoss Application Server is the base package for JBoss Enterprise Portal Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | 78dd41f8b5b34025ec971ccb9596f9551cde8d2534b3816a8c8e07e50a8da9ef
CVE-2012-1889: Security Update Analysis
Posted Jul 23, 2012
Authored by Brian Mariani, High-Tech Bridge SA, Frederic Bourla | Site htbridge.com

Since the 30th of May 2012 hackers were abusing the Microsoft XML core services vulnerability. The 10th of July 2012 Microsoft finally published a security advisory which fixes this issue. The present document and video explains the details about this fix. As a lab test they used a Windows XP workstation with Service Pack 3. The Internet explorer version is 6.0.

tags | paper
systems | windows
advisories | CVE-2012-1889
SHA-256 | 0663e2de1f39f4495717f0290d861ffdd11a1fe7f2edc6deba2d85db93bac5bd
Red Hat Security Advisory 2012-1087-01
Posted Jul 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1087-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A local user with access to a TUN/TAP virtual interface could use this flaw to crash the system or, potentially, escalate their privileges. Note that unprivileged users cannot access TUN/TAP devices until the root user grants them access.

tags | advisory, kernel, local, root
systems | linux, redhat
advisories | CVE-2012-2136
SHA-256 | 7e8f5f94bf72960a538fad4d42725e9aea5da69c5f9846af245aac6310ae2bd3
Secunia Security Advisory 49946
Posted Jul 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - OpenSysCom has discovered a vulnerability in EmbryoCore, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 7d564c7ed7b2dcdec9d059dee18f8abaf1d25270002d9f2e9910a6f78cd38545
Red Hat Security Advisory 2012-1072-01
Posted Jul 13, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1072-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Web Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform's "jboss-as-web/server/production/lib/jbosscache-core.jar" file.

tags | advisory, web, local
systems | linux, redhat
advisories | CVE-2012-0034
SHA-256 | 93bea0be82c69ad3873bede014261e6a38de6d2554a91c52656507e218e00584
Red Hat Security Advisory 2012-1061-01
Posted Jul 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1061-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The fix for CVE-2011-1083 introduced a flaw in the way the Linux kernel's Event Poll subsystem handled resource clean up when an ELOOP error code was returned. A local, unprivileged user could use this flaw to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2012-3375
SHA-256 | bd4450f5aaf091e6c0f8efa019a9db94ebd1426bb8355f7c4d43b175d6c66f51
Red Hat Security Advisory 2012-1064-01
Posted Jul 10, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1064-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in the Linux kernel's netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2012-2744, CVE-2012-2745
SHA-256 | 0852eec4bdd3e4bd9f3b62617cce1230392a218607fdd7e60df4b80eb3789675
Microsoft XML Core Services Uninitialized Memory
Posted Jul 5, 2012
Authored by Brian Mariani, High-Tech Bridge SA, Frederic Bourla | Site htbridge.com

This is a thorough analysis of the Microsoft XML core services uninitialized memory vulnerability as noted by CVE-2012-1889. It includes proof of concept data to trigger the issue and goes through the flow.

tags | paper, proof of concept
advisories | CVE-2012-1889
SHA-256 | 71478922d4d7dd398af9e4e90d1f859e3494d8ddf266086e502d50612e95667a
TEMENOS T24 7 Cross Site Scripting
Posted Jun 29, 2012
Authored by Rehan Ahmed | Site rewterz.com

TEMENOS T24 Core Banking Solution System version 7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c98de2b59ae7660620eab1d44dcb42a197c5a01b987f62005384b0415c883941
Secunia Security Advisory 49668
Posted Jun 28, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Integrated Information Core, where some have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | cd27edde6cd85413bf8781b815a1b0670f0cbba1090f388be591bab4be7a61af
Red Hat Security Advisory 2012-1043-01
Posted Jun 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1043-01 - libwpd is a library for reading and converting Corel WordPerfect Office documents. A buffer overflow flaw was found in the way libwpd processed certain Corel WordPerfect Office documents. An attacker could provide a specially-crafted .wpd file that, when opened in an application linked against libwpd, such as OpenOffice.org, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All libwpd users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that are linked against libwpd must be restarted for this update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2149
SHA-256 | e23252ae448c1a44a7f03eeeafc940ab7c8d750681fe5a9dbffb9731f0bfe7c1
Red Hat Security Advisory 2012-1042-01
Posted Jun 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1042-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, redhat
advisories | CVE-2011-4347, CVE-2012-0038, CVE-2012-0044, CVE-2012-1097, CVE-2012-1179
SHA-256 | 40cee47ca38fd36212e40e2fc4e2a93d9ca6eec1d81c1a7cbc0f4200899d8b20
Secunia Security Advisory 49714
Posted Jun 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for texlive-core. This fixes multiple vulnerabilities, which can potentially be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, gentoo
SHA-256 | d3088ac468e5810ed3cee612f44196ea8800cded805cc3226be9a42f2778928b
Gentoo Linux Security Advisory 201206-28
Posted Jun 25, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201206-28 - Multiple vulnerabilities were found in texlive-core, allowing attackers to execute arbitrary code. Versions less than 2009-r2 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2009-1284, CVE-2010-0739, CVE-2010-0827, CVE-2010-1440
SHA-256 | 22c42bb7b7ec6932a92cdb102c3c8795014df13f16038fca30ce11d10a834cbf
Technical Cyber Security Alert 2012-174A
Posted Jun 23, 2012
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2012-174A - Microsoft Security Advisory (2719615) warns of active attacks using a vulnerability in Microsoft XML Core Services. Microsoft Internet Explorer and Microsoft Office can be used as attack vectors.

tags | advisory
SHA-256 | 0c812057868f3aa30c32aad25076f9d58f948634874ad313df23ae18d0447418
Lattice Diamond Programmer Buffer Overflow
Posted Jun 22, 2012
Authored by Core Security Technologies, Ricardo Narvaja, Daniel Kazimirow | Site coresecurity.com

Core Security Technologies Advisory - Lattice Diamond Programmer is vulnerable to client-side attacks, which can be exploited by remote attackers to run arbitrary code by sending specially crafted '.xcf' files.

tags | exploit, remote, arbitrary
advisories | CVE-2012-2614
SHA-256 | df8058279a3a470f0f6120f9c7043177979a194827cfc608434c36cb3b42c698
Red Hat Security Advisory 2012-1024-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1024-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | 8cc9c3945525422b04633921dec6bd1564cbb738676ec11d5e3d8b5b39714c3e
Red Hat Security Advisory 2012-1027-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1027-01 - JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4605, CVE-2012-1167
SHA-256 | 1578bf172d8363fc992779d77d8a4145fd48215f84c717867f2aff0ef979d171
Red Hat Security Advisory 2012-1025-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1025-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | 438ecd3704f472ac339ff1c305b869175056410b1f32535578f2aaf8cef02993
Page 1 of 4
Back1234Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close