what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 35 RSS Feed

Files Date: 2011-09-09

Mandriva Linux Security Advisory 2011-134
Posted Sep 9, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-134 - Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service via a long TAG in a legacy syslog message. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2011-3200
SHA-256 | e2b9a9eebcd2c457f08a472995ec53958f06ca166dcb40494ec1727187937f57
Spring Security RunAsManager Privilege Escalation
Posted Sep 9, 2011
Authored by SpringSource Security Team, Rob Winch

Spring Security provides a mechanism (RunAsManager) to allow particular operations to run with a different set of privileges than the predefined user. The implementation contains a race condition whereby the escalated privileges could also be used in a different invocation in another thread. Versions 2.0.0 to 2.0.6 and 3.0.0 to 3.0.5 are affected.

tags | advisory
advisories | CVE-2011-2731
SHA-256 | 47b96c9de342642c2cd4e172c544b89e012a3797e75972454bb8c77cb5091e42
Freefloat FTP Server APPE Command Overflow
Posted Sep 9, 2011
Authored by Veerendra G.G | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in the APPE command in the Freefloat FTP server.

tags | exploit, overflow
SHA-256 | 950c862e6b6de9d40cbd1985606f5537b80f3a942e3fe1a254c131ec594dd88d
WordPress WP-Filebase Download Manager 0.2.9 SQL Injection
Posted Sep 9, 2011
Authored by Miroslav Stampar

WordPress WP-Filebase Download Manager plugin versions 0.2.9 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c3a7489072c55d9ec457c3d9223ffc28ffb90246c243bf41770af0fa7079fba6
WordPress A To Z Category Listing 1.3 SQL Injection
Posted Sep 9, 2011
Authored by Miroslav Stampar

WordPress A to Z Category Listing plugin versions 1.3 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | d79382856246f58f3bb1298a9b331b7c87742153ce6970cdc9b31ffef787df3e
Spring Framework / Spring Security Serialization-Based Issues
Posted Sep 9, 2011
Authored by Wouter Coekaerts, SpringSource Security Team

Spring Framework versions 3.0.0 to 3.0.5 and Spring Security versions 2.0.0 to 2.0.6 and 3.0.0 to 3.0.5 suffer from serialization issues. Several issues have been reported which may affect applications which de-serialize objects from an untrusted source such as a remote client. It is possible for a malicious client to inject undesirable behavior into the server by serializing proxies rather than specific class instances, or by taking advantage of internal AOP interfaces which were being exposed through the remote service, in addition to the service interface.

tags | advisory, remote
advisories | CVE-2011-2894
SHA-256 | f905e5bf5433c31b6e389d1aca05670a117b1f5976e8502215745fe22fe34fc4
Spring Security Header Injection
Posted Sep 9, 2011
Authored by SpringSource Security Team, David Mas

Spring Security allows the use of a parameter (named "spring-security-redirect" by default) to determine the location URL to which a user will be redirected after logging in. This will normally be submitted as part of the login request, so is deemed to be an acceptable use of remote supplied data. However, the functionality is in a base class which is also shared by logout code, so a logout URL could be maliciously constructed to contain a version of this parameter which contained CRLF characters in order to inject additional headers or split the response. Versions 2.0.0 to 2.0.6 and 3.0.0 to 3.0.5 are affected.

tags | exploit, remote
advisories | CVE-2011-2732
SHA-256 | 190a53655a53fda33bb5be21ed5b61b82d8ef40a6afea588925d6719c66f2ba0
MYRE Real Estate Software Cross Site Scripting / SQL Injection
Posted Sep 9, 2011
Authored by Sooraj K.S | Site secpod.com

MYRE Real Estate Software suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | f55bf895d71ad9c47ff89a07e549e560d612d3b25ab2af10eaaa70388f3d638a
Spring Framework Information Disclosure
Posted Sep 9, 2011
Authored by Stefano Di Paola, Arshan Dabirsiaghi, SpringSource Security Team

Spring Framework versions 3.0.0 to 3.0.5, 2.5.0 to 2.5.6.SEC02, and 2.5.0 to 2.5.7.SR01 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2011-2730
SHA-256 | f0dc757e73d89236f2c88698d4791d1317a31be811db0b76dade2bee53c8a3d7
Xataface WebAuction / Librarian DB XSS / LFI / SQL Injection
Posted Sep 9, 2011
Authored by Antu Sanadi | Site secpod.com

Xataface WebAuction versions 0.3.6 and below and Xataface Librarian DB versions 0.2 and below suffer from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, xss, sql injection, file inclusion
SHA-256 | eeb1be34f9b3ea62cad720ef286c45c943798050461a867a2c199ec66f0143b6
BisonFTP 3.5 Buffer Overflow
Posted Sep 9, 2011
Authored by Veerendra G.G, localh0t | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in the BisonFTP Server versions 3.5 and below.

tags | exploit, overflow
advisories | CVE-1999-1510
SHA-256 | 018520acb6e1863986585a84609a42da6c2d2770126553bfe3a6abac64147ef0
Ubuntu Security Notice USN-1197-5
Posted Sep 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1197-5 - USN-1197-1 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates. It was discovered that Dutch Certificate Authority DigiNotar, had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor.

tags | advisory
systems | linux, ubuntu
SHA-256 | 65cf1792f7a4dd38c9c5bf612f354a54cb4983de28f468427142e9874d7aa170
Debian Security Advisory 2303-1
Posted Sep 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2303-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2011-1020, CVE-2011-1576, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2525, CVE-2011-2700, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909, CVE-2011-2918, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | 72d50088cc453629042c1d2a8fe39ec8d1f2442c069a5c04c5bf02d848669ad6
Ubuntu Security Notice USN-1197-4
Posted Sep 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1197-4 - USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for the Network Security Service libraries (NSS). USN-1197-1 It was discovered that Dutch Certificate Authority DigiNotar, had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor.

tags | advisory
systems | linux, ubuntu
SHA-256 | 2fa3d9961038c477b07ac26e41cda71fa80220ec29136cc74f18296bca564134
Debian Security Advisory 2302-1
Posted Sep 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2302-1 - It has been discovered that the bcfg2 server, a configuration management server for bcfg2 clients, is not properly sanitizing input from bcfg2 clients before passing it to various shell commands. This enables an attacker in control of a bcfg2 client to execute arbitrary commands on the server with root privileges.

tags | advisory, arbitrary, shell, root
systems | linux, debian
advisories | CVE-2011-3211
SHA-256 | 55efb7a2128a1ef35890d6ea654ca071a81a08262593a044dc09efca187277b6
HP Security Bulletin HPSBUX02702 SSRT100606
Posted Sep 9, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02702 SSRT100606 - A potential security vulnerability has been identified with HP-UX Apache Web Server. These vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, web, denial of service
systems | hpux
advisories | CVE-2011-0419, CVE-2011-3192
SHA-256 | 56ce56453dcdcdf048753152dd2165359229dd31558d0c9f6b820c059512d8e0
MyAuth 3 Blind SQL Injection
Posted Sep 9, 2011
Authored by Marcio Almeida

MyAuth version 3 remote blind SQL injection exploit that allows for access to a root shell.

tags | exploit, remote, shell, root, sql injection
SHA-256 | b8e7f5d20629287f5a705b87cdbabad2746378222327dc62a83ec133d1fba24f
Pluck 4.7 Local File Inclusion / Disclosure
Posted Sep 9, 2011
Authored by Bl4k3

Pluck version 4.7 suffers from local file disclosure and inclusion vulnerabilities.

tags | exploit, local, vulnerability, file inclusion, info disclosure
SHA-256 | a03439cea8b56ef6bcaeba2d0ea59cddf5356139c3772a66008253bee15768f3
Ubuntu 11.04 FTP Client Buffer Overflow
Posted Sep 9, 2011
Authored by localh0t

Ubuntu versions 11.04 and below ftp client local buffer overflow crash proof of concept exploit.

tags | exploit, overflow, local, proof of concept
systems | linux, ubuntu
SHA-256 | e117701bee907294456727f26f4110ff0ab6796ed4c467bde81cb8deb5c6ec59
OpenCart 1.5.1.2 Blind SQL Injection
Posted Sep 9, 2011
Authored by Rires Walid

OpenCart version 1.5.1.2 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 03f2b7c902a321c3e1e95b810d5409a62e0d60f78cdcfef0b98dce865755ade9
Microsoft Security Bulletin Advance Notification For September 2011
Posted Sep 9, 2011
Site microsoft.com

This bulletin summary lists 5 Microsoft security bulletins released for September 2011.

tags | advisory
SHA-256 | 658fe67fafa3857a68903e54a6728f3a857e12d1a29f5631f5e161d96c761469
28C3 Call For Participation
Posted Sep 9, 2011
Site cccv.pentabarf.org

Call for participation for the 28C3 Chaos Communication Congress. The Chaos Communication Congress is the annual four-day conference organized by the Chaos Computer Club (CCC) in Berlin, Germany. First held in 1984, it has since established itself as "The European Hacker Conference" attracting a diverse audience of thousands of hackers, scientists, artists, and utopists from all around the world. It will be held from December 27th through the 30th, 2011.

tags | paper, conference
SHA-256 | d18b745920f6bf0c3840d8aca089fc49f4df8e1c0585934c4bbc523f32db6535
Secunia Security Advisory 45923
Posted Sep 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the MailformPlus extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 5324410f7bf40e6082479aea218f2b8692b7493cc3829280b97f94e7733d2ab7
Secunia Security Advisory 45945
Posted Sep 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.

tags | advisory
systems | linux, fedora
SHA-256 | 205742f45cf019e2f9547d7eba5caa5640e194a5b2d566c8ffaac04b4ef5736a
Secunia Security Advisory 45947
Posted Sep 9, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Direct Mail Subscription extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

tags | advisory, vulnerability, xss, sql injection
SHA-256 | 18c9e862d2786b09b47d0fbbb65ef375ae9c045eaf2536de18834c9a563f0bbb
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close