what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 100 RSS Feed

Files

Kshitish 2.0 Default Credentials
Posted Feb 24, 2023
Authored by indoushka

Kshitish Multipurpose eCommerce Platform version 2.0 leaves default administrative credentials installed post installation.

tags | exploit
SHA-256 | 2477d52210510658d6214fbccf04faa8b5eec226329f88dd15fa98fd54677c30

Related Files

Red Hat Security Advisory 2012-1026-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1026-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. The Java Authorization Contract for Containers specification defines Permission classes and the binding of container access decisions to operations on instances of these permission classes. JaccAuthorizationRealm performs authorization based on Java ACC permissions and a Policy implementation. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605, CVE-2012-1167
SHA-256 | 4168e8b5dde8d8685ff22bfc83da9f6eacabfa3c71ef704249f1b017705b45a7
Red Hat Security Advisory 2012-1023-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1023-01 - JBoss Application Server is the base package for JBoss Enterprise Web Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | af4b1c4d6857f6b733bd13ef19814d9228ac4ff24bec6d9d9171c97b4150362e
Red Hat Security Advisory 2012-1022-01
Posted Jun 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1022-01 - JBoss Application Server is the base package for JBoss Enterprise Application Platform, providing the core server components. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. It was found that the JBoss JNDI service allowed unauthenticated, remote write access by default. The JNDI and HA-JNDI services, and the HAJNDIFactory invoker servlet were all affected. A remote attacker able to access the JNDI service, HA-JNDI service, or the HAJNDIFactory invoker servlet on a JBoss server could use this flaw to add, delete, and modify items in the JNDI tree. This could have various, application-specific impacts.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2011-4605
SHA-256 | af9bdf7c93929aa109a8674418359aeec8a8c9c8ff4dcb42a6ff52118a155d22
Red Hat Security Advisory 2012-0973-04
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0973-04 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued a subordinate CA certificate to its customer, that could be used to issue certificates for any name. This update renders the subordinate CA certificate as untrusted. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

tags | advisory
systems | linux, redhat
SHA-256 | bd86edb0d7d1e0e9eb08ff6f70f96509f32f3170947d1f455892784f3cc8b4f1
Secunia Security Advisory 49635
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory, web
systems | linux, redhat
SHA-256 | c42e1385e55ab342275fe1cf04099e5fe9eb9cf64d9d08416d4507d77897666e
Secunia Security Advisory 49636
Posted Jun 20, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Application Platform, JBoss Enterprise Web Platform, and JBoss Enterprise Web Server. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory, web
systems | linux, redhat
SHA-256 | 277bc58fafe3b7ff9a1e9a47ee844974ad4e0b2b13d2686e135b5f4763ecaf8c
Adobe Flash Player AVM Verification Logic Array Indexing Code Execution
Posted Jun 20, 2012
Authored by mr_me | Site metasploit.com

This Metasploit module exploits a vulnerability in Adobe Flash Player versions 10.3.181.23 and earlier. This issue is caused by a failure in the ActionScript3 AVM2 verification logic. This results in unsafe JIT(Just-In-Time) code being executed. This is the same vulnerability that was used for attacks against Korean based organizations. Specifically, this issue occurs when indexing an array using an arbitrary value, memory can be referenced and later executed. Taking advantage of this issue does not rely on heap spraying as the vulnerability can also be used for information leakage. Currently this exploit works for IE6, IE7, IE8, Firefox 10.2 and likely several other browsers under multiple Windows platforms. This exploit bypasses ASLR/DEP and is very reliable.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2011-2110, OSVDB-48268
SHA-256 | e26bbead67100b455a3fddb8cfcf7df0baddef6b4fbc68f4cc261a2c4dea9972
Red Hat Security Advisory 2012-1011-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1011-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Web Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | 0530c812543209282f4bf0533f0bd0d70ac3922e7ba41df6881a413649ce38f7
Red Hat Security Advisory 2012-1010-01
Posted Jun 20, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1010-01 - mod_cluster is an Apache HTTP Server based load balancer that forwards requests from httpd to application server nodes. It can use the AJP, HTTP, or HTTPS protocols for communication with application server nodes. The JBoss Enterprise Application Platform 5.1.2 release introduced a regression, causing mod_cluster to register and expose the root context of a server by default, even when "ROOT" was in the "excludedContexts" list in the mod_cluster configuration. If an application was deployed on the root context, a remote attacker could use this flaw to bypass intended access restrictions and gain access to that application.

tags | advisory, remote, web, root, protocol
systems | linux, redhat
advisories | CVE-2012-1154
SHA-256 | a3e123ba9128524e55deba67d0d7d09321e5a926d90ee63360e4cb28d0eea991
Ubuntu Security Notice USN-1467-1
Posted Jun 12, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1467-1 - It was discovered that certain builds of MySQL incorrectly handled password authentication on certain platforms. A remote attacker could use this issue to authenticate with an arbitrary password and establish a connection. MySQL has been updated to 5.5.24 in Ubuntu 12.04 LTS. Ubuntu 10.04 LTS, Ubuntu 11.04 and Ubuntu 11.10 have been updated to MySQL 5.1.63. A patch to fix the issue was backported to the version of MySQL in Ubuntu 8.04 LTS. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2122
SHA-256 | 52928dd0c621971574807252ccbdfb1af768836701965a6ed9bfbf0a6c13a411
Squiggle 1.7 SVG Browser Java Code Execution
Posted May 18, 2012
Authored by Nicolas Gregoire, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module abuses the SVG support to execute Java Code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.

tags | exploit, java, arbitrary, code execution
systems | linux, windows
SHA-256 | 24c7b9f43ad4bc7ab845971e498435dbb71b35eb0f5542e9973eab4ad82fb513
SAP Netweaver 7.0 EHP1/EHP2 Buffer Overflows
Posted May 8, 2012
Authored by Core Security Technologies, Martin Gallo | Site coresecurity.com

Core Security Technologies Advisory - SAP Netweaver is a technology platform for building and integrating SAP business applications. Multiple vulnerabilities have been found in SAP Netweaver that could allow an unauthenticated, remote attacker to execute arbitrary code and lead to denial of service conditions. The vulnerabilities are triggered sending specially crafted SAP Diag packets to remote TCP port 32NN (being NN the SAP system number) of a host running the "Dispatcher" service, part of SAP Netweaver Application Server ABAP. By sending different messages, the different vulnerabilities can be triggered.

tags | exploit, remote, denial of service, arbitrary, tcp, vulnerability
advisories | CVE-2011-1516, CVE-2011-1517, CVE-2012-2511, CVE-2012-2512, CVE-2012-2513, CVE-2012-2514
SHA-256 | 84108ccf75a417b942e0291cf7c3798ea4c264ddce271305c260f4c3931d47e5
iOS Application (In)Security
Posted May 6, 2012
Authored by Dominic Chell | Site mdsec.co.uk

This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.

tags | paper, vulnerability
systems | cisco, apple, iphone
SHA-256 | 334c947d960799417387ce8f1c27188fc7f859bd204b9dc50890663d07a20fba
Red Hat Security Advisory 2012-0532-01
Posted May 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0532-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

tags | advisory, web
systems | linux, redhat
SHA-256 | 5f4958faa1940ec84e49215c74c654681567d9cc83e76643a347de582c9f6943
Red Hat Security Advisory 2012-0529-01
Posted May 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0529-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.

tags | advisory, java, protocol, python
systems | linux, redhat
advisories | CVE-2011-3620
SHA-256 | 864d3ffb6d608bfe2b2a71547be9daddfd9edd1ae1ae007b72b5a714344c542e
Red Hat Security Advisory 2012-0528-01
Posted May 1, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0528-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.

tags | advisory, java, protocol, python
systems | linux, redhat
advisories | CVE-2011-3620
SHA-256 | 8e1f635af01186e162dc449d1ea4804d08755de2a9e4dd9ac3b2e49a7e04c767
Secunia Security Advisory 48954
Posted Apr 26, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise Portal Platform. This fixes a security issue and two vulnerabilities, which can be exploited by malicious people to manipulate certain data and disclose potentially sensitive information.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | cf49e0f1fa6aee8fcedff16c76c7c1395d44eb2c319e3a6d8a8005ca2712e68d
Red Hat Security Advisory 2012-0519-01
Posted Apr 25, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0519-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.1 serves as a replacement for JBoss Enterprise Portal Platform 5.2.0, and includes bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4314, CVE-2012-0818
SHA-256 | 4c2d7e867f2236c82154ad3fdca5b623e021c311c49562d7e1ef097fb83249f5
Secunia Security Advisory 48697
Posted Apr 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for JBoss Enterprise BRMS Platform. This fixes a security issue and two vulnerabilities, which can be exploited by malicious people to manipulate certain data and disclose potentially sensitive information.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | da4bcb6c460a25426b6d5d21995e88befc2cf933ac435842fddcea46f354548b
Red Hat Security Advisory 2012-0441-01
Posted Apr 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0441-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.2.0. It includes various bug fixes and enhancements. The following security issues are also fixed with this release: It was found that RESTEasy was vulnerable to XML External Entity attacks. If a remote attacker submitted a request containing an external XML entity to a RESTEasy endpoint, the entity would be resolved, allowing the attacker to read files accessible to the user running the application server. This flaw affected DOM Document and JAXB input.

tags | advisory, remote, xxe
systems | linux, redhat
advisories | CVE-2011-4314, CVE-2012-0818
SHA-256 | aa88fdb7a6bd80c673f8c3a8fd33a6748135e59f49d09b6b5f841cb97ee7fcb8
Firewall Builder With GUI 5.1.0.3599
Posted Mar 29, 2012
Site fwbuilder.org

Firewall Builder consists of a GUI and set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco routers access lists.

Changes: Packages for Windows and Mac OS X are now distributed under the GPL, and the source code includes all files necessary to build on Linux, *BSD, Windows, and Mac OS X. This release also includes a few bugfixes in the policy compiler for iptables and for the build problem on Gentoo.
tags | tool, firewall
systems | cisco, linux, unix, openbsd
SHA-256 | 452514a1ec0be1416bfca93603e6c89deb91d1a3a19671c64b5a8868a3743daf
Red Hat Security Advisory 2012-0378-01
Posted Mar 12, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0378-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This roll up patch serves as a cumulative upgrade for JBoss Enterprise SOA Platform 5.2.0. It includes various bug fixes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4314
SHA-256 | edcf861d81ea82babff215e8b580f0e95e898d64d1af48e454d3209c52714935
Red Hat Security Advisory 2012-0345-02
Posted Mar 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-0022
SHA-256 | 5f8ed354af7f93aae635f0011391c698a68ac7e5da46495e45b1d1b424d2b453
Debian Security Advisory 2420-1
Posted Feb 29, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2420-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform.

tags | advisory, java, vulnerability
systems | linux, debian
advisories | CVE-2011-3377, CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507
SHA-256 | fa1b83bdce1c8a57ecb30bfd91b17d3c396d3e17e373a4a5a9bbff32d14720f2
Ubuntu Security Notice USN-1377-1
Posted Feb 28, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1377-1 - Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bit platforms. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code with user privileges. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, xss, ruby
systems | linux, ubuntu
advisories | CVE-2010-0541, CVE-2011-0188, CVE-2011-1004, CVE-2011-1005, CVE-2011-2686, CVE-2011-2705, CVE-2011-4815, CVE-2010-0541, CVE-2011-0188, CVE-2011-1004, CVE-2011-1005, CVE-2011-2686, CVE-2011-2705, CVE-2011-4815
SHA-256 | cec298eba7976ebaa181ffd4c17d9f86fd8b7f0120e64642a7761c57933776cd
Page 2 of 4
Back1234Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close