Showing 51 - 75 of 100

Files

Webpower UPS 5.53 Denial Of Service
Posted Jul 3, 2023
Authored by Yehia Elghaly

Webpower UPS version 5.53 suffers from an HTTP denial of service vulnerability. This product stopped being supported nearly 10 years ago.

tags | exploit, web, denial of service
SHA-256 | f469bceea0605105d3cbe67c57d08944f6c39dfa4a407ca86cbb376fc34668be

Related Files

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20111225
Posted Dec 27, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: This release incorporates an important security fix from upstream and an upgrade is recommended. Tor was updated to 0.2.2.35, libevent to 2.0.16, and the kernel to 2.6.32.50 plus Gentoo's hardened-patches-2.6.32-83.extras.
tags | tool, x86, kernel, peer2peer
systems | linux
SHA-256 | ac457a33c004f3bd3a25772290cda9731e40b46e0e85df2b2dfc7e8e8804b497
Tor-ramdisk i686 UClibc-based Linux Distribution MIPS 20111225
Posted Dec 27, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.

Changes: This release incorporates an important security fix from upstream and an upgrade is recommended. Tor was updated to 0.2.2.35, libevent to 2.0.16, and the kernel to 2.6.32.50 plus Gentoo's hardened-patches-2.6.32-83.extras.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | 9f962a1146b166cb12019ea5b182eacc2cc8694e655e19753e3b166705565b31
Nagios Plugin check_ups Buffer Overflow
Posted Dec 26, 2011
Authored by Stefan Schurtz

Nagios Plugin check_ups local buffer overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
SHA-256 | 480e395245d4f2a787ed42a9a1c6f63c6b984d7222841a698055b21a9e6522f2
Debian Security Advisory 2369-1
Posted Dec 22, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2369-1 - It was discovered that libsoup2.4, an HTTP library implementation in C, is not properly validating input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.

tags | advisory, remote, web
systems | linux, debian
advisories | CVE-2011-2524
SHA-256 | e634802cfae069d5d50208bd0bc4815d5ddbbfd3098ea941bd70b031e1a7a505
TOR Virtual Network Tunneling Tool 0.2.2.35
Posted Dec 18, 2011
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release fixes a critical heap overflow security issue in Tor's buffers code. Absolutely everybody should upgrade. The bug relied on an incorrect calculation when making data continuous in one of the IO buffers, if the first chunk of the buffer was misaligned by just the wrong amount. The miscalculation would allow an attacker to overflow a piece of heap-allocated memory. Various other fixes and enhancements are included in this release.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2011-2778
SHA-256 | f141a41fffd31494a0f96ebbb6b999eab33ce62d5c31f81222a0acd034adbf3a
Secunia Security Advisory 47150
Posted Dec 11, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.

tags | advisory
systems | linux, redhat
SHA-256 | 626eaf01381433a87a91e0e1e94dd7d951dfdc5f7da578b867ab137c8a6959b4
Red Hat Security Advisory 2011-1635-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1635-03 - The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the "lp" user.

tags | advisory, overflow, arbitrary
systems | linux, redhat, unix
advisories | CVE-2011-2896
SHA-256 | fe5f2da378d6df165af1406df4d08d0fd5b4ea9f6d02822b8213d9c409c860c9
Red Hat Security Advisory 2011-1531-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1531-03 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line with the "-runas" option. A qemu-kvm process started this way could use this flaw to gain access to files on the host that are accessible to the supplementary groups and not accessible to the primary group.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2011-2527
SHA-256 | 16923c194b532ddc6c8d7a2dcc4465a1625af19775eb04b43ffaf4553809d229
Secunia Security Advisory 47054
Posted Dec 1, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for cups. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | e8321de2ee9e418e1c68213a94ff63b7bce68753fa013e8e5e84a24c668d2cc0
Debian Security Advisory 2354-1
Posted Dec 1, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2354-1 - Petr Sklenar and Tomas Hoger discovered that missing input sanitising in the GIF decoder inside the Cups printing system could lead to denial of service or potentially arbitrary code execution through crafted GIF files.

tags | advisory, denial of service, arbitrary, code execution
systems | linux, debian
advisories | CVE-2011-2896, CVE-2011-3170
SHA-256 | 7f113952be28c42d62a36b7f9cc4415e144cd6c8fe1716bd4b204297ff211d6a
Ubuntu Security Notice USN-1265-1
Posted Nov 17, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1265-1 - Marc Deslauriers discovered that system-config-printer's cupshelpers scripts used by the Ubuntu automatic printer driver download service queried the OpenPrinting database using an insecure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered packages and repositories.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2011-4405
SHA-256 | 359ddbd8a20109cf0cd0c50fb699368bbf5e8dbb3241a43302e56fbcca6dbd33
Mandriva Linux Security Advisory 2011-167
Posted Nov 4, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-167 - A vulnerability has been discovered and corrected in gimp. The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream. The updated packages have been patched to correct these issues.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2006-1168, CVE-2011-2895, CVE-2011-2896
SHA-256 | 8a29a2d7371a1293745f074454cbdde2256235ffc8c8e80d6c3920544ba0156b
RSA Key Manager Appliance 2.7 SP1 Hotfix 6 Released
Posted Nov 3, 2011
Site emc.com

RSA has delivered an update on RSA Key Manager Appliance 2.7 Service Pack 1 that includes security-related component updates including Oracle Critical Patch Update (CPU) July 2011 and RSA Access Manager Server, security vulnerability fix, hot fix roll-ups and bug fixes.

tags | advisory
advisories | CVE-2011-2740
SHA-256 | b3b3018dfe32899d541965ac824cd23af6a61e18beae800a1a6ae93c827686e0
TOR Virtual Network Tunneling Tool 0.2.2.34
Posted Nov 3, 2011
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release fixes a critical anonymity vulnerability where an attacker can deanonymize Tor users. Everybody should upgrade. This release also fixes several vulnerabilities that allow an attacker to enumerate bridge relays.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2011-2768
SHA-256 | a027a535b35e5f9ca7091e4c83a06b4be48f0f95d6906bdd467ccc0659e7e798
Tor-ramdisk i686 UClibc-based Linux Distribution x86_64 20111103
Posted Nov 3, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.

Changes: This release incorporates a critical fix from upstream. It is recommended that users upgrade as soon as possible. Tor was bumped to version 0.2.2.34, libevent to 2.0.15, and the kernel to 2.6.32.46 plus Gentoo's hardened-patches 2.6.32-74.extras.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | 568e19f2bee2f40b7aebc94201e6e7c0530c0bd21dc063fc84fb7086b0936c20
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20111103
Posted Nov 3, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: This release incorporates a critical fix from upstream. It is recommended that users upgrade as soon as possible. Tor was bumped to version 0.2.2.34, libevent to 2.0.15, and the kernel to 2.6.32.46 plus Gentoo's hardened-patches 2.6.32-74.extras.
tags | tool, x86, kernel, peer2peer
systems | linux
SHA-256 | 9f48d660d26082a6c4a6578c1d352d077f8b51add9b99f5492d02edb6099243e
Tor-ramdisk i686 UClibc-based Linux Distribution MIPS 20111103
Posted Nov 3, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. MIPS version.

Changes: This release incorporates a critical fix from upstream. It is recommended that users upgrade as soon as possible. Tor was bumped to version 0.2.2.34, libevent to 2.0.15, and the kernel to 2.6.32.46 plus Gentoo's hardened-patches 2.6.32-74.extras.
tags | tool, kernel, peer2peer
systems | linux
SHA-256 | 673b5bc02fbe9d2b593026ad503b8f7a1cbd34953021173247f95ffb1bceb976
Secunia Security Advisory 46623
Posted Oct 31, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the Organic groups module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 0a14d1d4b25aa05cbe651a9539f760ec6a2c8a5234a7b612b1ff83d75dbdb959
Ubuntu Security Notice USN-1238-2
Posted Oct 25, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1238-2 - USN-1238-1 fixed vulnerabilities in Puppet. The upstream patch introduced a regression in Ubuntu 11.04 when executing certain commands. This update fixes the problem. It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3872
SHA-256 | 24f1ff0a4bf1e3e276009e4999f192df87a00a2098234c3807f2ffc5f471cff2
Secunia Security Advisory 46409
Posted Oct 19, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for cups. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability, csrf
systems | linux, suse
SHA-256 | b86aaf326a74078f11fdfd034b775061d36b2cdcbb8b5d9c90c941f105cf8bb1
Secunia Security Advisory 46448
Posted Oct 18, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for cups. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery attacks and potentially compromise a vulnerable system.

tags | advisory, vulnerability, csrf
systems | linux, suse
SHA-256 | e83806af24da53c32dc9ee02ebab6c0645864a294f3fb367267d073f973ac092
Mandriva Linux Security Advisory 2011-147
Posted Oct 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-147 - The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. The updated packages have been patched to correct this issue.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-3170
SHA-256 | af8b903986d241f2e750a29c0292b80e3f1dfc417d0557ec4e94c38e584385f0
Mandriva Linux Security Advisory 2011-146
Posted Oct 10, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-146 - The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service via HTTP_UNAUTHORIZED responses. The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to and CVE-2011-2895. The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-2432, CVE-2011-2896, CVE-2011-3170
SHA-256 | 48a1c0fec4da5f4548c480faaebd5504e2e71bfb04dc4f7b79dc01b7f4e22a7d
Tor-ramdisk i686 UClibc-based Linux Distribution x86 20110915
Posted Sep 26, 2011
Authored by Anthony G. Basile | Site opensource.dyc.edu

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86 version.

Changes: Tor was bumped to 0.2.2.33, busybox was bumped to 1.19.2, and the kernel to 2.6.32.46 plus Gentoo's hardened-patches 2.6.32-69.extras.
tags | tool, x86, kernel, peer2peer
systems | linux
SHA-256 | 2595aac00e1f1fd00aa17d72ec16288194319b32e89f5084e31499759a88cf98
TOR Virtual Network Tunneling Tool 0.2.2.33
Posted Sep 21, 2011
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This release fixes several bugs and includes a slight tweak to Tor's TLS handshake which makes relays and bridges which run this new version reachable from Iran again.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 5af42b1cc07704fcbde8bb44380e5a02ebedc75470a132c70022ecb5f8476bcf