
Files Date: 2013-03-25

Red Hat Security Advisory 2013-0681-01
Posted Mar 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0681-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Web Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | 32357ad3c21abbde9aeddcd05fca1be975960a8cba6312d5deb4800bbee711a2
Red Hat Security Advisory 2013-0680-01
Posted Mar 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0680-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | 2dd2db97370c098a4f39f5dc56456545d352223c7fde8c6bcf1f9878474aab13
Red Hat Security Advisory 2013-0679-01
Posted Mar 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0679-01 - The Jakarta Commons HttpClient component can be used to build HTTP-aware client applications. The Jakarta Commons HttpClient component did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform installation.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2012-5783
SHA-256 | 9cd819992de5ae233e4a9109208d7923df8497bb312ffc625e5b504206be0ef7
LinkedIn Investors Cross Site Scripting
Posted Mar 25, 2013
Authored by Eduardo Garcia Melia

The LinkedIn Investors site suffered from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 20cf335eff36b02cd7cdf733bd516815daeadfdbe43552c66b7dc93b741b649a
LinkedIn Cross Site Request Forgery
Posted Mar 25, 2013
Authored by Vicente Aguilera Diaz

LinkedIn suffers from a cross site request forgery vulnerability in the "Add Connections" invitation functionality.

tags | exploit, csrf
SHA-256 | c5b139a72bbd7b02ada9279c197de33ad532f99e9aef4a08b3dc7dd686b75a16
Slackware Security Advisory - php Updates
Posted Mar 25, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2013-1635, CVE-2013-1643.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2013-1635, CVE-2013-1643
SHA-256 | e481a7708968f1a52826eb94e8afaae71ad3b4113b2142ef2c738d536aedb1ad
LiquidXML Studio 2012 Active-X File Creation
Posted Mar 25, 2013
Authored by Dr_IDE

LiquidXML Studio 2012 active-x insecure method executable file creation exploit.

tags | exploit, activex
SHA-256 | 6229e6a4ed53e4f7fa659d84fce3e63cba583a5308f9dd12b2ecceb5f4d277b4
LiquidXML Studio 2010 Active-X File Creation
Posted Mar 25, 2013
Authored by Dr_IDE

LiquidXML Studio 2010 active-x insecure method executable file creation exploit.

tags | exploit, activex
SHA-256 | d7802fe8f8971ac958b1ceae16b3c8417f9ad33014ba900fd85193453802609e
Mitsubishi MX Component Active-X Code Execution
Posted Mar 25, 2013
Authored by Dr_IDE

Mitsubishi MX Component version 3 remote exploit that binds a shell to port 5500.

tags | exploit, remote, shell, activex
SHA-256 | f9719948c2c98d6b095ce092b25be702eceda9fb377c0bb7f0b7c81a29f57509
Mobius Forensic Toolkit 0.5.17
Posted Mar 25, 2013
Site savannah.nongnu.org

Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.

Changes: This release adds support for physical device's datasources. Minor improvements were made. Bugs were fixed.
tags | tool, python, forensics
systems | unix
SHA-256 | 96572d815cb2a391c7c15a03fc0240366cd4997c4e93649fa5658abd9bbe344c
WordPress Mathjax Latex 1.1 Cross Site Request Forgery
Posted Mar 25, 2013
Authored by Junaid Hussain

WordPress Mathjax Latex version 1.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | eef9fe57923060a3364f12106f5449c6b6f9790fc30d849f3f71887ff567f95a
Ubuntu Security Notice USN-1779-1
Posted Mar 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1779-1 - It was discovered that GNOME Online Accounts did not properly check SSL certificates when configuring online accounts. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise credentials and confidential information.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2013-0240, CVE-2013-1799
SHA-256 | adbacb28c661e86390c76fd91c4d6379200052be7d4fa1b8d22419c32c854f3f
Ubuntu Security Notice USN-1732-3
Posted Mar 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1732-3 - USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0169 and CVE-2012-2686 was reverted in USN-1732-2 because of a regression. This update restores the security fix, and includes an extra fix from upstream to address the AES-NI regression. Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10. Nadhem Alfardan and Kenny Paterson discovered that the TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the "Lucky Thirteen" issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, ubuntu
advisories | CVE-2012-2686, CVE-2013-0169
SHA-256 | 714d0b8055324fad3bfe313fe9719e788dc74886687fb2bdee9de630373218b6
WP Banners Lite 1.40 Cross Site Scripting
Posted Mar 25, 2013
Authored by Zerial

WordPress Banners Lite third party plugin versions 1.40, 1.31, and 1.29 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | f84aab438dea368c84895e35221d0f2a92675a6dd8c837c8c8ab87b3b72b0d98
360-FAAR Firewall Analysis Audit And Repair 0.4.0
Posted Mar 25, 2013
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release changes the command line options and permits you to process as many configs as you choose. All code has been refactored into subroutines. Three new modes have been added: 'load' mode allows you to load new config bundles into an already running instance of 360-FAAR, 'copylog' mode associates a log file from one config with another loaded or new config, 'help' mode prints info about all of the other modes. Undefined warnings have been resolved when using CTRL-C to exit the user loop.
tags | tool, perl
systems | unix
SHA-256 | 41bfa76a0f30836f748df3bae1e6d18768164aff324a3ee88f2b0fac668f3430
Rosewill RSVA11001 Remote Code Execution
Posted Mar 25, 2013
Authored by Eric Urban

Rosewill RSVA11001 Hi3515 suffers from a remote command execution vulnerability due to feeding unsanitized user-supplied data to ntpdate.

tags | exploit, remote
SHA-256 | 80805c21f51ff3a27c9541a62622f652aef81a570b3ef82ba5fd1f2de36392f3
Ra1NX PHP Bot Authentication Bypass Remote Code Execution
Posted Mar 25, 2013
Authored by bwall | Site metasploit.com

This Metasploit module allows remote command execution on the PHP IRC bot Ra1NX by using the public call feature in private message to covertly bypass the authentication system.

tags | exploit, remote, php
SHA-256 | 0ca2edc3146081af6b7cfa1d1b095743c8a69ad6f34856249388fa89e835a862
Innovative Web Ideas SQL Injection
Posted Mar 25, 2013
Authored by Ashiyane Digital Security Team

Sites designed by Innovate Web Ideas suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, web, vulnerability, sql injection
SHA-256 | bf6fc35b391a94b2b16e5590b8c4c0d5f07fb050c944de0910f7590851baf3ee
IconCool MP3 WAV Converter 3.00 Build 120518 Buffer Overflow
Posted Mar 25, 2013
Authored by G0li47h

IconCool MP3 WAV Converter version 300 build 120518 suffers from a stack buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | d3641b585f54cc9b0731daf5e96fa4214b50373efc2ae5123d82ea0503497eee
WordPress Finalist SQL Injection
Posted Mar 25, 2013
Authored by Ashiyane Digital Security Team

WordPress Finalist third party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | de24cb85c27e3140bfb6cb282c818c326e61dc11a2adec14efb28b613e4b6d5a
WordPress Level Four Storefront SQL Injection
Posted Mar 25, 2013
Authored by Ashiyane Digital Security Team

WordPress Level Four Storefront third party plugin version 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection
SHA-256 | 2793e0426823c0d4d1943351bb6e17f5cc58a108b2a54e19c3b5dff67efbd20e
Plan B SQL Injection
Posted Mar 25, 2013
Authored by Ashiyane Digital Security Team

Sites designed by Plan B suffer from remote SQL injection vulnerabilities. Note that this finding houses site-specific data.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 74353edb6b9bfad8c79dd5fc97bd85115a127b7ec3a208e7ce1ed9b1bf98ca4a