what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 37 RSS Feed

Files Date: 2011-09-15

Red Hat Security Advisory 2011-1304-01
Posted Sep 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1304-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Web Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | 611749ac30b6c0a2d7fdcb3b5973a59adc018d4a2f2844b63adf828d10fb3d44
Red Hat Security Advisory 2011-1303-01
Posted Sep 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1303-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Web Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | 697ec5e6af989722b10a604b855f51000e659801d88b4dae2afab203605e1441
Red Hat Security Advisory 2011-1302-01
Posted Sep 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1302-01 - JBoss Web Services Native is a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | 563443521960e3a6fae50e4d40537279ef761819c4b357acabca2a48d06ab630
Red Hat Security Advisory 2011-1301-01
Posted Sep 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1301-01 - The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Application Platform. It implements the JAX-WS specification. It was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions. A remote attacker could exploit this flaw by sending a specially-crafted HTTP POST request to a deployed web service, causing excessive CPU and memory consumption on the system hosting that service. If the attack is repeated to consume all available network sockets, the server will become unavailable. This flaw did not affect systems using JBoss Web Services CXF.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1483
SHA-256 | 518a92cc69e9b5c62414e64cd16393b893fe3664e0e3a0657c94f5ab98b93477
Red Hat Security Advisory 2011-1300-01
Posted Sep 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1300-01 - The Apache HTTP Server is a popular web server. A flaw was found in the way the Apache HTTP Server handled Range HTTP headers. A remote attacker could use this flaw to cause httpd to use an excessive amount of memory and CPU time via HTTP requests with a specially-crafted Range header. All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-3192
SHA-256 | bbf257d16d4b33fe3a4b4620ca33a870becb160a5669a9ac0f80792b0132cf8d
Red Hat Security Advisory 2011-1299-01
Posted Sep 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1299-01 - Red Hat Network Satellite provides a solution to organizations requiring absolute control over and privacy of the maintenance and package deployment of their servers. It allows organizations to utilize the benefits of the Red Hat Network without having to provide public Internet access to their servers or other client systems. Multiple cross-site scripting flaws were found in the RHN Satellite web interface. A remote attacker could use these flaws to perform a cross-site scripting attack against victims using the RHN Satellite web interface.

tags | advisory, remote, web, xss
systems | linux, redhat
advisories | CVE-2011-1594, CVE-2011-2919, CVE-2011-2920, CVE-2011-2927, CVE-2011-3344
SHA-256 | 21135eb5911ccf26f101f2bd3254c7321ca5bf705d521b793c43b7b8ca4038b1
E-Works Media SQL Injection
Posted Sep 15, 2011
Authored by 3spi0n

E-Works Media suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c0014f35779ce3396f728859d475acf19be2c1d436d0cd6e858c991b5da71275
SAP WebAS Malicious SAP Shortcut Generation
Posted Sep 15, 2011
Authored by Mariano Nunez Di Croce | Site onapsis.com

Onapsis Security Advisory - Weaknesses in the SAP WebAS system allow for malicious shortcut generation. Upon a successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

tags | advisory, vulnerability
SHA-256 | 32765a43c85053cc199a128f6134c3af8ada30764b99921dd00412a849720679
SAP WebAS webrfc Cross Site Scripting
Posted Sep 15, 2011
Authored by Mariano Nunez Di Croce | Site onapsis.com

Onapsis Security Advisory - SAP WebAS suffers from a cross site scripting vulnerability. Upon a successful exploitation, an attacker would be able to obtain sensitive information from legitimate users through social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

tags | advisory, vulnerability, xss
SHA-256 | da774926d74eeaa735ada09954cd7b6d44b6f03c5ce42072d67b01799a0d56c5
SAP WebAS Remote Denial Of Service
Posted Sep 15, 2011
Authored by Mariano Nunez Di Croce | Site onapsis.com

Onapsis Security Advisory - An unauthenticated attacker can remotely disrupt the SAP Application Server and cause a denial of service condition. This would result in the total unavailability of the ERP functionality, preventing company users from performing the required business processes.

tags | advisory, denial of service
SHA-256 | de1a526a09377a0ed8182d857eb00916bfdd1fa815f7b172bc6f5c71f72ee65e
Nortel Contact Recording Centralized Archive 6.5.1 SQL Injection
Posted Sep 15, 2011
Authored by rgod | Site retrogod.altervista.org

Nortel Contact Recording Centralized Archive version 6.5.1 EyrAPIConfiguration web service getSubKeys() remote SQL injection exploit.

tags | exploit, remote, web, sql injection
SHA-256 | 27b12eef97e781f64f7591895d2eaea4644f23580af43939185669da95e9c35c
URLCrazy Domain Name Typo Tool 0.4
Posted Sep 15, 2011
Authored by Andrew Horton | Site morningstarsecurity.com

URLCrazy enables the study of domainname typos and URL hijacking. URLCrazy is a domainname typo generator that generates 13 types of typos, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo is a valid domain, tests if domain typos are in use, and estimates the popularity of a typo.

Changes: It now also supports bit flipped domains. Urlcrazy is written in Ruby.
tags | tool, web
systems | unix
SHA-256 | 1508aab43633f915ded61710cf102778608f8c3ac34461c12982e8e8afa13a57
StarDevelop.LiveHelp 2.0 Local File Inclusion
Posted Sep 15, 2011
Authored by KedAns-Dz

StarDevelop.LiveHelp versions 2.0 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 72ef0e5bedcf1014fa14007e597440a3e89e58ff3753be161571a4b40456a631
WordPress Auctions 1.8.8 SQL Injection
Posted Sep 15, 2011
Authored by sherl0ck_

WordPress Auctions plugin versions 1.8.8 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 279e1e690925e99a3c19f52637e86d1366ca4e43efe5cf4e33d3cfa3a35ec58d
EMC Ionix Products Buffer Overflow
Posted Sep 15, 2011
Authored by Abdul Aziz Hariri | Site emc.com

Multiple EMC Ionix products contain a buffer overflow vulnerability. The vulnerability may allow a remote unauthenticated user to send a specially-crafted message over TCP or UDP to cause a denial of service or, possibly, execute arbitrary code.

tags | advisory, remote, denial of service, overflow, arbitrary, udp, tcp
advisories | CVE-2011-2738
SHA-256 | 3f9ddf9e65f8cb45de206c4527ea70f75c012dbcc6185c6fb3ed11642757ce68
Secunia Security Advisory 46018
Posted Sep 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the IGIT Related Post With Thumb plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | ca0d908f234855b6e1ab2eb6175d300b95ec9d2fef6112938ab15f86ec68d482
Secunia Security Advisory 45949
Posted Sep 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sherl0ck_ has discovered two vulnerabilities in the Auctions plugin for WordPress, which can be exploited by malicious users to conduct SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | cf515c974a8d90dcaeb4f23e256d98f0d17bcd4e86365ea03d63a4a50c19e4f6
Secunia Security Advisory 45978
Posted Sep 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, local, vulnerability
SHA-256 | aa4fb632decf2af170ecaaa40530272b6941219269eef2cd01722624368be8c7
Secunia Security Advisory 45984
Posted Sep 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in NetCat, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | 3d64dc7076620bdb50706ef1f98d1d86b78bd062ecafd2251e5ed0691fb2b83a
Secunia Security Advisory 46010
Posted Sep 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for librsvg2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

tags | advisory, denial of service
systems | linux, redhat
SHA-256 | c0c9a566b4af6d510934714055ee2bae3e59e0be8e5d6ddd45bda39f7f056b74
Secunia Security Advisory 45995
Posted Sep 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gustavo Roberto Rodrigues Goncalves has discovered a vulnerability in Orion Network Performance Monitor, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | eb8fd66d8072845aad3e4af5f5cfbc16d18df77038a0aede856fb5e8867d33d4
Secunia Security Advisory 46021
Posted Sep 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - MustLive has discovered a vulnerability in the Advance Tag extension for Magento, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | d54478253a6e059aa52fabb55a39f496c96e63077fb615d362b8d6187dc67252
Secunia Security Advisory 46011
Posted Sep 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to potentially compromise a vulnerable system.

tags | advisory
SHA-256 | 4e89ffc0941db9521dcecbde0ab3c997e39f621d86ca283d29065ef4c6b20323
Secunia Security Advisory 45893
Posted Sep 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for openssl. This fixes a weakness, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
systems | linux, debian
SHA-256 | 2c8607780d104bd7668ef52b8460e5258d5e17517775e5dc9c06e84718070845
Secunia Security Advisory 45973
Posted Sep 15, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Luigi Auriemma has discovered some vulnerabilities in ScadaPro, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 3842a2bcbddb82aee9ca9591b95b22173e97f4ee6c0208af7fffd234ee59e0f8
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close