what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files Date: 2013-04-07

OTRS FAQ Cross Site Scripting
Posted Apr 7, 2013
Authored by Luigi Vezzoso

The OTRS FAQ module suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2013-2637
SHA-256 | 22e42064ae8575aeb1a04d081c859fbf0209078c9e5d23d0a639b2d588b15791
Belkin Wemo Arbitrary Firmware Upload
Posted Apr 7, 2013
Authored by Daniel Buentello

Belkin Wemo versions prior to WeMo_US_2.00.2176.PVT suffer from an arbitrary firmware upload vulnerability.

tags | exploit, arbitrary, file upload
advisories | CVE-2013-2748
SHA-256 | 87ce1b406dd2592abb929c4664b6ec19f436813a9c618655fd04efa8165bac9d
HP System Management Homepage Local Privilege Escalation
Posted Apr 7, 2013
Authored by agix | Site metasploit.com

HP System Management Homepage versions 7.1.2 and below include a setuid root smhstart which is vulnerable to a local buffer overflow in the SSL_SHARE_BASE_DIR env variable.

tags | exploit, overflow, local, root
advisories | OSVDB-91990
SHA-256 | 357a44bede2c2741756ca4862ede64872c7d755406c54c4a9748b5b8c68b77ef
Mandriva Linux Security Advisory 2013-049
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-049 - An array index error, leading to out-of heap-based buffer read flaw was found in the way net-snmp agent performed entries lookup in the extension table. When certain MIB subtree was handled by the extend directive, a remote attacker having read privilege to the subtree could use this flaw to cause a denial of service via SNMP GET request involving a non-existent extension table entry. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-2141
SHA-256 | e1c7d46ac51b21c86ff535d91b4f336eb15651658fcc5feadcef4fff8c1c8935
Mandriva Linux Security Advisory 2013-052
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-052 - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid key. The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the Lucky Thirteen issue. The updated packages have been upgraded to the 1.0.0k version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, protocol
systems | linux, mandriva
advisories | CVE-2013-0166, CVE-2013-0169
SHA-256 | 45f3e48573ae559cee00727235a6991efe4ffe008121b06d31f87dd310773e8f
Mandriva Linux Security Advisory 2013-048
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-048 - ncpfs 2.2.6 and earlier attempts to use ncpmount to append to the /etc/mtab file and ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. The updated packages have been patched to correct these issues.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2011-1679, CVE-2011-1680
SHA-256 | f3631c5fc1eb40f90fb2bc0d9cf75cb49f7c015c051764f695678c32442223c0
Mandriva Linux Security Advisory 2013-055
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-055 - Infinite and large loops in ANSI MAP, BACapp, Bluetooth HCI, IEEE 802.3, LTP, and R3 dissectors have been fixed in Wireshark. Various other issues have also been addressed. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-2392, CVE-2012-2393, CVE-2012-2394, CVE-2012-4048, CVE-2012-4049, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4296, CVE-2012-4297, CVE-2012-5239, CVE-2012-6054, CVE-2012-6056, CVE-2013-2478, CVE-2013-2480, CVE-2013-2481, CVE-2013-2482, CVE-2013-2483, CVE-2013-2484, CVE-2013-2485, CVE-2013-2488
SHA-256 | 50158dbc1509957ea5b55594adaf0d178e91d56e6ed9f76cc060e45ce63180df
Mandriva Linux Security Advisory 2013-051
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-051 - The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service by periodically making many new TCP connections. The updated packages have been patched to correct thies issue.

tags | advisory, remote, denial of service, tcp
systems | linux, mandriva
advisories | CVE-2010-5107
SHA-256 | acc76cff124d5c2cf17288a23f0fd809095f995c4edbb768a07682ced3f89a18
Mandriva Linux Security Advisory 2013-053
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-053 - ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the XMKD commands. The updated packages have been patched to correct thies issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2012-6095
SHA-256 | adc1684b13f3d275d53a23ec11c089edb002db6ab579349343196b25ef406fdc
Mandriva Linux Security Advisory 2013-054
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-054 - A flaw exists in the IP network matching code in sudo versions 1.6.9p3 through 1.8.4p4 that may result in the local host being matched even though it is not actually part of the network described by the IP address and associated netmask listed in the sudoers file or in LDAP. As a result, users authorized to run commands on certain IP networks may be able to run commands on hosts that belong to other networks not explicitly listed in sudoers. sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. Sudo before 1.8.6p7 allows a malicious user to run commands via sudo without authenticating, so long as there exists a terminal the user has access to where a sudo command was successfully run by that same user within the password timeout period. The updated packages have been patched to correct these issues.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2012-2337, CVE-2013-1775, CVE-2013-1776
SHA-256 | 1c65aaaffdb72581984d2276efcf089189ca0ea9517d048d794210853c4a68ca
Mandriva Linux Security Advisory 2013-050
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-050 - Google reported to Mozilla that TURKTRUST, a certificate authority in Mozillas root program, had mis-issued two intermediate certificates to customers. The issue was not specific to Firefox but there was evidence that one of the certificates was used for man-in-the-middle traffic management of domain names that the customer did not legitimately own or control. This issue was resolved by revoking the trust for these specific mis-issued certificates. The rootcerts package has been upgraded to address this flaw and the Mozilla NSS package has been rebuilt to pickup the changes. The TLS implementation in Mozilla Network Security Services does not properly consider timing side-channel attacks on a non-compliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. The NSPR package has been upgraded to the 4.9.5 version due to dependencies of newer NSS. The NSS package has been upgraded to the 3.14.3 version which is not vulnerable to this issue. The sqlite3 update addresses a crash when using svn commit after export MALLOC_CHECK_=3.

tags | advisory, remote, root
systems | linux, mandriva
advisories | CVE-2013-0743, CVE-2013-1620
SHA-256 | 6f28f25462373688057eaa4d71d9be8e68c769c5e5d47a46c0bf0334b46cfca6
Mandriva Linux Security Advisory 2013-047
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-047 - The XSL implementation in libxslt allows remote attackers to cause a denial of service via unspecified vectors. libxslt 1.1.26 and earlier does not properly manage memory, which might allow remote attackers to cause a denial of service via a crafted XSLT expression that is not properly identified during XPath navigation, related to the xsltCompileLocationPathPattern function in libxslt/pattern.c and the xsltGenerateIdFunction function in libxslt/functions.c. libxml2 2.9.0-rc1 and earlier does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. Double free vulnerability in libxslt allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-2893
SHA-256 | 98161c0b908ae321ff7e41c26e4bb80ca14d2a7fa8b6e59bc0997cca1201e034
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close