exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 37 RSS Feed

Files Date: 2012-06-27

SugarCRM 6.3.1 unserialize() PHP Code Execution
Posted Jun 27, 2012
Authored by EgiX, sinn3r, juan vazquez | Site metasploit.com

This Metasploit module exploits a php unserialize() vulnerability in SugarCRM versions 6.3.1 and below which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the permissions of the webserver. The dangerous unserialize() exists in the 'include/MVC/View/views/view.list.php' script, which is called with user controlled data from the 'current_query_by_page' parameter. The exploit abuses the __destruct() method from the SugarTheme class to write arbitrary PHP code to a 'pathCache.php' on the web root.

tags | exploit, web, arbitrary, root, php
advisories | CVE-2012-0694
SHA-256 | 1e73a4a4f9bf312d43feeea95213bce49f5dcf97660320b96cca53b8c0f4ba3d
Ubuntu Security Notice USN-1483-2
Posted Jun 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1483-2 - USN-1483-1 fixed a vulnerability in NetworkManager by disabling the creation of WPA-secured AdHoc wireless connections. This update provides the corresponding change for network-manager-applet. It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-2736
SHA-256 | d9f65ac4719ba150d08e186463e35ce618c2f313114fdd6c475d4ccf81f2a1e6
Ubuntu Security Notice USN-1483-1
Posted Jun 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1483-1 - It was discovered that certain wireless drivers incorrectly handled the creation of WPA-secured AdHoc connections. This could result in AdHoc wireless connections being created without any security at all. This update removes WPA as a security choice for AdHoc connections in NetworkManager.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2012-2736
SHA-256 | d35f4e8e5191c7b3e61ad07217f45203bbb8f811b3f00949c296b7d3d6c8f3a6
Ubuntu Security Notice USN-1463-6
Posted Jun 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1463-6 - USN-1463-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory safety issues affecting Firefox. It was discovered that Mozilla's WebGL implementation exposed a bug in certain NVIDIA graphics drivers. The impact of this issue has not been disclosed at this time. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-3101, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-0441
SHA-256 | 25ad29d41bde009fefb9a337f7247199b62531201b03a95af1937b1f9fca28b3
Ubuntu Security Notice USN-1463-5
Posted Jun 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1463-5 - USN-1463-2 fixed a bug in Unity 2D exposed by a recent Firefox update. It was discovered that the issue was only partially fixed on Ubuntu 11.04. When Thunderbird was started from the launcher, Thunderbird was still unable to obtain pointer grabs under certain conditions. This update fixes the problem. USN-1463-1 fixed vulnerabilities in Firefox. The Firefox update exposed a bug in Unity 2D which resulted in Firefox being unable to obtain pointer grabs in order to open popup menus. This update fixes the problem. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 59ced9782d0d884adbabdccc45bd2f21a57bf35bf61f045b944aa6e782018601
Sielco Sistemi Winlog 2.07.16 Code Execution / Directory Traversal
Posted Jun 27, 2012
Authored by Luigi Auriemma | Site aluigi.org

Sielco Sistemi Winlog versions 2.07.16 and below suffer from various code execution, stack overflow, and directory traversal vulnerabilities. Proof of concept utility included.

tags | exploit, overflow, vulnerability, code execution, proof of concept
systems | linux
SHA-256 | 2c3d3186116ed66592e68144dac18e5288896dc07ba9846d20cbd79b708917db
Symantec Web Gateway 5.0.28 LFI / Code Execution
Posted Jun 27, 2012
Authored by S2 Crew

Symantec Web Gateway version 5.0.2.8 suffers from local file inclusion, remote command execution, and arbitrary file deletion vulnerabilities.

tags | exploit, remote, web, arbitrary, local, vulnerability, file inclusion
advisories | CVE-2012-0297, CVE-2012-0298
SHA-256 | a0fccf32d3c50c44bbaec6e8b29d6a94e5b750a7a3630cb98f887b64cf02a1a9
Symantec PcAnywhere 12.5.0 Buffer Overflow
Posted Jun 27, 2012
Authored by S2 Crew

Symantec PcAnywhere version 12.5.0 login and password field buffer overflow exploit.

tags | exploit, overflow
advisories | CVE-2011-3478
SHA-256 | 431142dcabddee7d1d98c06b0f21e036c028f68d52e340f678ba55b852d410ad
Efficient Padding Oracle Attacks On Cryptographic Hardware
Posted Jun 27, 2012
Authored by Riccardo Focardi, Graham Steel, Joe-Kai Tsay, Lorenzo Simionato, Yusuke Kawamoto, Romain Bardou

This paper demonstrates how to exploit the encrypted key import functions of a variety of different cryptographic devices to reveal the imported key. The attacks are padding oracle attacks, where error messages resulting from incorrectly padded plaintexts are used as a side channel. This is the paper that made headlines regarding RSA tokens being cracked in 13 minutes.

tags | paper
SHA-256 | 2f956e99861dabc4d9e263529db1992adcbe71b48930cc4158b998b604dc42b0
Secunia Security Advisory 49733
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges and cause a DoS (Denial of Service), by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to compromise a vulnerable system.

tags | advisory, denial of service, kernel, local, vulnerability
systems | linux, redhat
SHA-256 | 95596c63f8e12d4e90c1f34eb6596003b81263b7992299a09c14e71ac4d0b484
Secunia Security Advisory 49691
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Monstra CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 265c7b5dcba3142e383147478c9ad171f9141885ab1eaea0928cf8a5cbbffcea
Secunia Security Advisory 49724
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, vulnerability
SHA-256 | e20b6771fef183bbd48cd6cbf7563d4311f8f62f605b8a5dca98f09206eb8f05
Secunia Security Advisory 49720
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Dove Forums, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | de3d049ab9cf12baa7ae88abf9466b4282e1899571dd007324a81a6a351b0853
Secunia Security Advisory 49732
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for libwpd. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, redhat
SHA-256 | 08960ecc892958042edf006d5da01a264cb66877d2bf95a5f2582ec4a7510c50
Secunia Security Advisory 49723
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in AIX sendmail, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
systems | aix
SHA-256 | 8c6724513a3c5e356afa8652d823436b5bd7ac975cddafc9f05b68a1a31303d8
Secunia Security Advisory 49734
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue and a vulnerability have been reported in Red Hat Directory Server, which can be exploited by malicious users to disclose sensitive information.

tags | advisory
systems | linux, redhat
SHA-256 | 6f4998a6c8579b1ce06e07cf1b17fcc9b3837d35f93522f707f77545b1df8586
Secunia Security Advisory 49727
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Symantec Message Filter, which can be exploited by malicious people to disclose sensitive information, conduct session fixation, cross-site scripting, and cross-site request forgery attacks.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 5f498972f45a98052b0d2584cd3edfcd8377be6ddb5d6e5e30d33ac190f533c3
Secunia Security Advisory 49682
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in the Website FAQ plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

tags | advisory, sql injection
SHA-256 | c8e9fb5283788ed22bbefb1180a07cfcfa306903014b65a7c20726ab8fc2aaec
Secunia Security Advisory 49694
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been discovered in the SS Quiz plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks and bypass certain security restrictions.

tags | advisory, vulnerability, csrf
SHA-256 | 43b9148dc362a06892fb954f3d4a3a9e98c4d0dace30ed21f470735f2141ac54
Secunia Security Advisory 49592
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in HP System Management Homepage, where some have unknown impacts and others can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, hijack a user's session, cause a DoS (Denial of Service), bypass certain security restrictions, manipulate certain data, and compromise a vulnerable system.

tags | advisory, denial of service, local, vulnerability
SHA-256 | 1ac283c2410ab42b9b401e8e4a6f341cc1d55d6ee02b43e197ec96b370c568ab
Secunia Security Advisory 49721
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Slackware has issued an update for freetype. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library.

tags | advisory, vulnerability
systems | linux, slackware
SHA-256 | 49d01cc1b7feb9ff73ac9c468658809d42ba911207ffa34ab28ade290a2bd0ce
Secunia Security Advisory 49711
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for pam. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, perform certain actions with escalated privileges, and potentially gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | linux, gentoo
SHA-256 | 9bb3a993d3d4680ba299f484f5fdefe0b8a01b5f221ffd33879e2271cbca4834
Secunia Security Advisory 49593
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Apache Roller, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
SHA-256 | 917313a6f7629cd9857192c1be48db0101dd3a74dd37bc5c24555e49d8e82b75
Secunia Security Advisory 49707
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for links. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

tags | advisory, spoof
systems | linux, gentoo
SHA-256 | adb6532c3423da89e39ba4b5a1d845ea7d92a072b7129d1f48b8aae3685d0f6f
Secunia Security Advisory 49706
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for postfix. This fixes two vulnerabilities, which can be exploited by malicious people to manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
SHA-256 | f7402d2aa539b8e516df12a70d30dd630319c5ad5a16ff66cd2dbb2d2b488b73
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close