exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 25 RSS Feed

Files Date: 2012-04-17

Mandriva Linux Security Advisory 2012-032-1
Posted Apr 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-032 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. This crash may be potentially exploitable. Firefox prevents the dropping of javascript: links onto a frame to prevent malicious sites from tricking users into performing a cross-site scripting attacks on themselves. Security researcher Soroush Dalili reported a way to bypass this protection. Various other issues were also addressed.

tags | advisory, javascript, xss
systems | linux, windows, mandriva
advisories | CVE-2012-0454, CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464
SHA-256 | 3cbc2c67f035fe9b1398b1120f8f0507ea8dbc4b9d3dce95d3e1907578dea5a9
HP Security Bulletin HPSBOV02762 SSRT100825
Posted Apr 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02762 SSRT100825 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, privilege escalation, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

tags | advisory, web, denial of service, vulnerability
advisories | CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-2693, CVE-2009-2901, CVE-2009-2902, CVE-2009-3548, CVE-2009-3555, CVE-2010-1157, CVE-2010-4476, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-2729, CVE-2011-3190
SHA-256 | 7aea36aed5246255765866fa3709a5b96e6e0350e5b8bf65bfd2aaf3d2eddf7e
HP Security Bulletin HPSBOV02763 SSRT100826
Posted Apr 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV02763 SSRT100826 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, privilege escalation, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.

tags | advisory, web, denial of service, php, vulnerability
advisories | CVE-2006-7243, CVE-2010-1860, CVE-2010-1862, CVE-2010-1864, CVE-2010-2097, CVE-2010-2100, CVE-2010-2101, CVE-2010-2190, CVE-2010-2191, CVE-2010-2225, CVE-2010-2484, CVE-2010-2531, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4150, CVE-2010-4645, CVE-2010-4697, CVE-2010-4698, CVE-2011-0421, CVE-2011-0708, CVE-2011-0752, CVE-2011-1092, CVE-2011-1148, CVE-2011-1464, CVE-2011-1938, CVE-2011-2202, CVE-2011-4885
SHA-256 | ed9a5902d9c99aabc1fc739a0ec49b2e95fcbd6c58b9ceb14b8f6abcfe7fb2bc
Acuity CMS 2.6.x Cross Site Scripting
Posted Apr 17, 2012
Authored by Aung Khant | Site yehg.net

Acuity CMS version 2.6.x suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | cf8e68bb7f5cdf8335ff6391aa5a79026ba914c1dc4b86af412a5a98ed427b30
The Source Is A Lie
Posted Apr 17, 2012
Authored by Andreas Nusser | Site sec-consult.com

Whitepaper called The Source Is A Lie. Backdoors have always been a concern of the security community. In recent years the idea of not trusting the developer has gained momentum and manifested itself in various forms of source code review. For Java, being one of the most popular programming languages, numerous tools and papers have been written to help during reviews. While these tools and techniques are getting developed further, they usually focus on traditional programming paradigms. Modern concepts like Aspect Oriented Programming or the Java Reflection API are left out. Especially the use of Java’s Reflection API in conjunction with the lesser known “string pool” can lead to a new kind of backdoor. This backdoor hides itself from unwary reviewer by disguising its access to critical resources like credential through indirection. To raise the awareness about this particular kind of backdoor, this paper will provide a short introduction to the string pool, show how reflection can be used to manipulate it, demonstrate how a backdoor can abuse this, and discuss how it can be uncovered.

tags | paper, java
SHA-256 | 2a07f7ba8590b6f096b40e0241279121aa6cb6cc3400db03bb9062a53afd7af0
HP Security Bulletin HPSBMU02764 SSRT100827
Posted Apr 17, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02764 SSRT100827 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely and locally resulting in cross site request forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, csrf
systems | linux, windows
advisories | CVE-2009-0037, CVE-2010-0734, CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-0014, CVE-2011-0195, CVE-2011-0419, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1928, CVE-2011-1938, CVE-2011-1945, CVE-2011-2192, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3192
SHA-256 | ef4dc6d5c693e4d1488186aa6471a0d6ae5ab0b725cd9a055f4101f928dcf379
Idate.org Cross Site Scripting
Posted Apr 17, 2012
Authored by Atmon3r

Idate.org suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | ffd9dc660290b21f5d21aec5c2d8182c5b3a3ba1fffae433e873a6e73168133d
Red Hat Security Advisory 2012-0488-01
Posted Apr 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0488-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-0864, CVE-2012-1569, CVE-2012-1573
SHA-256 | 51a71be200b7104a0b6c3eddd65b911675386eeaa8bb6ce75c2ab67983a394e8
Red Hat Security Advisory 2012-0481-01
Posted Apr 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0481-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Numerous reference count leaks were found in the Linux kernel's block layer I/O context handling implementation. This could allow a local, unprivileged user to cause a denial of service. A flaw was found in the Linux kernel's cifs_lookup() implementation. POSIX open during lookup should only be supported for regular files. When non-regular files pipe or other special files) are opened on lookup, it could cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat, osx
advisories | CVE-2012-0879, CVE-2012-1090, CVE-2012-1097
SHA-256 | 78cac8316e6792e90be570ad7b19b774306f7645a32558fb04f1fee0214daf09
Red Hat Security Advisory 2012-0480-01
Posted Apr 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0480-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw in the xfrm6_tunnel_rcv() function in the Linux kernel's IPv6 implementation could lead to a use-after-free or double free flaw in tunnel6_rcv(). A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the xfrm6_tunnel kernel module loaded, causing it to crash.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2012-1583
SHA-256 | 3a04db312322381195a59a5cee096f0b9b31fa909549ef0629b6a10ab7127860
Secunia Security Advisory 48872
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in IBM Tivoli Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | b2f451a4f3f6ccd8ade3878e455b37407f86d2753a496b31fad9b6c4c0b95cde
Secunia Security Advisory 48801
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in OpenVMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

tags | advisory, denial of service, local
SHA-256 | 984402f6b31dbff27bc4422bbe0b44f6ea079f2526ab796b7131273a57f1c6ce
Secunia Security Advisory 48802
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for Secure Web Server in OpenVMS. This fixes multiple vulnerabilities, where one has unknown impacts and others can be exploited by malicious people to disclose system and potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.

tags | advisory, web, denial of service, vulnerability
SHA-256 | 307dd9aa2f41af7dd2481202fcdadb33b93f8881b9dfc3d8a32eb759cef20677
Secunia Security Advisory 48841
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - HP has issued an update for Secure Web Server in OpenVMS. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service), by malicious users to manipulate certain data, and by malicious people to disclose certain system and sensitive information, bypass certain security restrictions, manipulate certain data, and cause a DoS (Denial of Service).

tags | advisory, web, denial of service, local, vulnerability
SHA-256 | 0077e7c08d4d4d3219da734a7f37ff2284a5e9319c4514f57df4b0140a70518f
Secunia Security Advisory 48862
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ryuzaki Lawlet has reported two vulnerabilities in the Yahoo Answer WordPress Auto Poster plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 63f09852c580985156a10efc301777523cedebaa15abe973cbabdf61dd43704e
Secunia Security Advisory 48838
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in SocialABC NetworX CMS, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | 9d9af2b7a97df72afae36361b5392ce88839cd1a8240c804e294d5d399dcb752
Secunia Security Advisory 48846
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, suse
SHA-256 | 9b3dd7f31f1ad14f0547bc9d3291530e76132653ff2c95e7dd980f4c260cb505
Secunia Security Advisory 48806
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been reported in the Phoca Favicon component for Joomla!, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges.

tags | advisory, local
SHA-256 | 4944d8c9aa85c5af39e50ddc949164a66bcaf52bbbee5dd59cf81f47b7627170
Secunia Security Advisory 48844
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for samba. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, suse
SHA-256 | 86224565a64021b68de11cae29956a8b908ba7b699a9a73732d2d6eeb675d0d3
Secunia Security Advisory 48845
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been discovered in Ushahidi, which can be exploited by malicious people to conduct cross-site request forgery and script insertion attacks.

tags | advisory, vulnerability, csrf
SHA-256 | a0b59486a84a7b488c0f52ac495bc6f24e168dfaf041f9284d0064003972659b
Secunia Security Advisory 48859
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Munin, which can be exploited by malicious, local users to manipulate certain data.

tags | advisory, local
SHA-256 | 58be6f56eb6a47546c6c305abd283c5b5a5acb8af43a0d6574614da9ef480e73
Secunia Security Advisory 48848
Posted Apr 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Khashayar Fereidani has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 1fb33f2da39d64e6baefc0408ce47a7f6c0a455a7a9a24341b0b3184ee036607
ETeamPass 2.1.5 Cross Site Scripting
Posted Apr 17, 2012
Authored by Marcos Garcia

ETeamPass version 2.1.5 suffers from a persistent cross site scripting vulnerability in users.queries.php.

tags | exploit, php, xss
advisories | CVE-2012-2234
SHA-256 | b5087dc58a490d7fda633d958a1bf30f8aef7f5d28ac7437be66583b7d63c9e7
Mandriva Linux Security Advisory 2012-059
Posted Apr 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-059 - It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application. The updated packages have been patched to correct this issue.

tags | advisory, sql injection
systems | linux, mandriva
advisories | CVE-2012-0805
SHA-256 | d5f88c588379acc2bfa9ff43617fc1860c078b4a3e19d62cf9688284b0d95395
V-CMS PHP File Upload And Execute
Posted Apr 17, 2012
Authored by sinn3r, AutoSec Tools | Site metasploit.com

This Metasploit module exploits a vulnerability found on V-CMS's inline image upload feature. The problem is due to the inline_image_upload.php file not checking the file type before saving it on the web server. This allows any malicious user to upload a script (such as PHP) without authentication, and then execute it with a GET request. The issue is fixed in 1.1 by checking the extension name. By default, 1.1 only allows jpg, jpeg, png, gif, bmp, but it is still possible to upload a PHP file as one of those extension names, which may still be leveraged in an attack.

tags | exploit, web, php
advisories | CVE-2011-4828
SHA-256 | 5db10ec6f958334e9330d4c85475a69cd8b4c04de7b7b2ad6e87bd5f504d7f81
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close