what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files Date: 2013-05-01

Drupal Filebrowser 6.x Cross Site Scripting
Posted May 1, 2013
Authored by Pawel Krawczyk | Site drupal.org

Drupal Firebrowser third party module version 6.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 6d37d39ebf558454f3495b6997965eab210ae593ff8bc7796528e6cc90b67057
Ubuntu Security Notice USN-1812-1
Posted May 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1812-1 - Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635, CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635
SHA-256 | b05d49f9e850cdf45a6d8aa43a7396eeaec1289b982f62c2facf06658ae4d42b
Ubuntu Security Notice USN-1811-1
Posted May 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1811-1 - Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635, CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635
SHA-256 | bc5a300fb0fcdeac446d0595095403f6f8fa6d91a12d9b4f8eb17fb7e6a96e40
Ubuntu Security Notice USN-1809-1
Posted May 1, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1809-1 - Mathias Krause discovered an information leak in the Linux kernel's UDF file system implementation. A local user could exploit this flaw to examine some of the kernel's heap memory. Mathias Krause discovered an information leak in the Linux kernel's ISO 9660 CDROM file system driver. A local user could exploit this flaw to examine some of the kernel's heap memory. An integer overflow was discovered in the Direct Rendering Manager (DRM) subsystem for the i915 video driver in the Linux kernel. A local user could exploit this flaw to cause a denial of service (crash) or potentially escalate privileges. Various other issues were also addressed.

tags | advisory, denial of service, overflow, kernel, local
systems | linux, ubuntu
advisories | CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635, CVE-2012-6548, CVE-2012-6549, CVE-2013-0913, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1848, CVE-2013-1860, CVE-2013-2634, CVE-2013-2635
SHA-256 | d4cebc9b5680648746ccf37333cc5ee1da4f674852175df54056f76316a751b4
b2evolution 4.1.6 SQL Injection
Posted May 1, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

b2evolution version 4.1.6 suffers from remote SQL injection and cross site request forgery vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2013-2945
SHA-256 | a5ab5b7104a53bbb94e8b06e61c86f560a088dd4b5a5a927911191693b7c5615
Red Hat Security Advisory 2013-0783-01
Posted May 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0783-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-0166, CVE-2013-0169
SHA-256 | afb6a79216774e542546dbb1bca6e4909511b67498263b7f0ec7ff8a629222b4
Sanewall 1.1.0
Posted May 1, 2013
Authored by Costa Tsaousis, Phil Whineray | Site sanewall.org

Sanewall is a firewall builder for Linux which uses an elegant language abstracted to just the right level. This makes it powerful and easy to use, audit, and understand. It allows you to create very readable configurations even for complex stateful firewalls. Sanewall can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, all kinds of NAT, providing strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, and whitelists. Newer versions abstract the differences between IPv4 and IPv6, allowing you to define a common set of rules for both, while permitting specific rules for each as you need.

Changes: This development version includes the latest IPv4/IPv6 abstraction code. Please see the README to get started and for known issues, and report any problems to the mailing list.
tags | tool, spoof, firewall
systems | linux, unix
SHA-256 | 0b80c1594e3c3a4c142f31e8c0ffd0744358c1ec7c024440c8ea6f1642296e95
Red Hat Security Advisory 2013-0782-01
Posted May 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0782-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the OCSP response verification in OpenSSL. A malicious OCSP server could use this flaw to crash applications performing OCSP verification by sending a specially-crafted response. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding oracle.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-0166, CVE-2013-0169
SHA-256 | 35e9165726ec8b7730d6c011ad7f011c013f4ed805b28c59be8118a1119d97d9
sudo 1.8.3p1 Local Root
Posted May 1, 2013
Authored by aeon flux

sudo versions 1.8.0 through 1.8.3p1 sudo_debug root exploit with glibc FORTIFY_SOURCE bypass.

tags | exploit, root
advisories | CVE-2012-0864, CVE-2012-0809
SHA-256 | fd5de3c224057c2badb29c86b2ccb0d9023bebf0836e30f5d1c043a51ada25c8
eggBlog Shell Upload
Posted May 1, 2013
Authored by Pokk3rs

eggBlog suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 5c8c12f9ba011e1d9b900652719ed84c53d2e512020dfa87080f173d8e6f0587
Forticlient VPN Client Credential Interception
Posted May 1, 2013
Authored by Cedric Tissieres, Philippe Oechslin | Site objectif-securite.ch

The Fortinet FortiClient VPN client on all available platforms suffers from a certificate validation vulnerability which allows an attacker to successfully run a man-in-the-middle attack and to steal the credentials of the user.

tags | exploit
SHA-256 | c9eab5520d3748247b19a71073dbe3eae001373c7bb79efe6b038b7a23417fc3
AudioCover 0.8.18 Buffer Overflow
Posted May 1, 2013
Authored by metacom

AudioCoder version 0.8.18 buffer overflow exploit that creates a malicious .m3u file.

tags | exploit, overflow
SHA-256 | 64a784f68f1cf7311b872f67063789f3ae95a8add4b433a02c181132acf3d791
GetSimple CMS 3.1.2 Cross Site Scripting
Posted May 1, 2013
Authored by High-Tech Bridge SA | Site htbridge.ch

GetSimple CMS version 3.1.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2013-1420
SHA-256 | ac100bee72f2103369d32785e864dc632666525874db17dd602e3c7f2062edd2
Microchip TCP/IP Stack Unchecked Buffer
Posted May 1, 2013

The function TCPIP_IPV6_ProcessFragmentationHeader() does not correctly validate the "fragment offset" field in the IPv6 fragmentation header. The standard vendor toolchain for PIC32 does not implement ASLR or stack cookies. The typical memory layout for a PIC32 application prevents shellcode from being executable, requiring ROP techniques. All applications using the Microchip TCP/IP Stack versions 6.00 through 6.02 (current) beta on PIC32 microcontrollers with IPv6 support enabled are affected.

tags | advisory, tcp, shellcode
SHA-256 | d912b429531a32ec157c691f23b0d21958d5ad32816bf8382db38452afee8bed
Multithreaded SQL Injector
Posted May 1, 2013
Authored by miyachung

This is a SQL injection tool similar to havij but is super fast per the author.

tags | tool, scanner, sql injection
systems | unix
SHA-256 | bb0ace9f65db972df40d580e46e07ff19b711b4e9d4df7895f33dec8cc400b54
Packet Storm New Exploits For April, 2013
Posted May 1, 2013
Authored by Todd J. | Site packetstormsecurity.com

This archive contains all of the 118 exploits added to Packet Storm in April, 2013.

tags | exploit
systems | linux
SHA-256 | 796a707a40714a19684c71eaa704f1afa8f4783db71ca2856381cedd8088857f
strongSwan IPsec Implementation 5.0.4
Posted May 1, 2013
Authored by Andreas Steffen | Site strongswan.org

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.

Changes: This release fixes a severe security vulnerability (CVE-2013-2944) that existed in all versions 4.3.5 through 5.0.3. If the strongSwan "openssl" plugin was used for ECDSA signature verification, an empty, zeroed, or otherwise invalid signature was handled as a legitimate one.
tags | encryption, protocol
systems | linux, unix, freebsd, apple, osx
advisories | CVE-2013-2949
SHA-256 | f52a048aabc783056f90efab6c181ccb17b17396d3208327b4f90debaa4c16a3
ClamWin 0.97.8
Posted May 1, 2013
Site clamwin.com

ClamWin is a free antivirus solution for Windows that uses the well-respected ClamAV scanning engine. It includes a virus scanner, scheduler, virus database updates, context menu integration to MS Windows Explorer and Add-in to MS Outlook. Also features easy setup program.

tags | tool, virus
systems | windows
SHA-256 | 0e35cf8fa2dcb8141a8002a348b1bf71d4253c7ec5e16aa6a633edf84d0a9daf
HITB Security Conference 2013 Call For Papers
Posted May 1, 2013
Site cfp.hackinthebox.org

The Call For Papers for the 11th annual HITB security conference in Malaysia has been announced. It will take place October 16th and the 17th, 2013, in Kuala Lumpur.

tags | paper, conference
SHA-256 | ecd2044f128d4a89f3811d31d832398ae035be457fd43f01f2ef079089c911f4
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close