what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-06-21

HP Security Bulletin HPSBUX02876 SSRT101148 2
Posted Jun 21, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02876 SSRT101148 2 - A potential security vulnerability has been identified with HP-UX running BIND. This vulnerability could be exploited remotely to create a Denial of Service (DoS). Revision 2 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2013-2266
SHA-256 | 8b167f87f0c9355815506c7eeefa983f0028d1289171609aacb0fef7b45c84a6
Alienvault OSSIM SIEM 4.1 SQL Injection
Posted Jun 21, 2013
Authored by Glafkos Charalambous

Alienvault OSSIM open source SIEM version 4.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | cec5b0d081cb8bbd769dd87f67d17d9598653efb5fe766c3fed3b0ae82e30776
Suricata IDPE 1.4.3
Posted Jun 21, 2013
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: A case of missed detection in bytetest, bytejump, and byteextract was fixed. Tunneled packets can now be dropped properly in IPS mode. The OS X build was fixed.
tags | tool, intrusion detection
systems | unix
SHA-256 | a78332ea4de870009fc30bdc04b1f2fa7b6f440fb098751e6ebd707f31d07f7e
Packet Storm Advisory 2013-0621 - Facebook Information Disclosure
Posted Jun 21, 2013
Authored by Todd J. | Site packetstormsecurity.com

Facebook suffered from an information disclosure vulnerability. If a user uploaded their contacts to Facebook and then proceeded to download their expanded dataset from the DYI (Download Your Information) section, they would receive a file called addressbook.html in their downloaded archive. The addressbook.html is supposed to house the contact information they uploaded. However, due to a flaw in how Facebook implemented this, it also housed contact information from other uploads other users have performed for the same person, provided they had one piece of matching data. This effectively built large dossiers on users and disclosed their information to anyone that knew at least one piece of matching data.

tags | exploit, info disclosure, packet storm
SHA-256 | 07268c0e796ea6d21e794a4db3101dd9e38d23de66ebb9b581bb627fba66c532
Google Translate Cross Site Request Forgery
Posted Jun 21, 2013
Authored by Ivano Binetti

Google Translate suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 12c75e42342e2b5192e105b93d358210a34123108e4400ed7ac334119313f625
Mediacoder .lst SEH Buffer Overflow
Posted Jun 21, 2013
Authored by metacom

Local SEH buffer overflow code execution exploit for Mediacoder products that generates a malicious .lst file.

tags | exploit, overflow, local, code execution
SHA-256 | bcb66ae72f4f684291f8faab4d2e165bb61d7ebc318e13bb1313b5ccd967ad9b
MediaCoder PMP Edition 0.8.17 Buffer Overflow
Posted Jun 21, 2013
Authored by metacom

MediaCoder PMP Edition version 0.8.17 buffer overflow exploit that generates a malicious .m3u file.

tags | exploit, overflow
SHA-256 | 9fd7b6968573c582ace30ac22503f1f40315d198996d216a15f72fecb865e032
Mediacoder .m3u SEH Buffer Overflow
Posted Jun 21, 2013
Authored by metacom

Local SEH buffer overflow code execution exploit for Mediacoder products that generates a malicious .m3u file.

tags | exploit, overflow, local, code execution
SHA-256 | 88cbe9f71bdd8f65081de116b10e0c8cff528229002bfcafc93c7a4c0255f52e
WordPress Slash Theme XSS / Spoofing / Disclosure
Posted Jun 21, 2013
Authored by MustLive

The Slash theme for WordPress suffers from cross site scripting, content spoofing, and path disclosure vulnerabilities.

tags | exploit, spoof, vulnerability, xss
SHA-256 | a99cba04e795f7b79896872c6d6ff57f05ad21de70d7e533d95a3ebf48628267
Prestige Software CMS File Disclosure
Posted Jun 21, 2013
Authored by Behnam Abbasi Vanda

Prestige Software CMS suffers from a local file disclosure vulnerability.

tags | exploit, local, info disclosure
SHA-256 | a65103527976d07ca5756e57a286810cd917abeeb166383e9e823692a7ffbab9
Ubuntu Security Notice USN-1887-1
Posted Jun 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1887-1 - Sebastian Krahmer discovered that Swift used the loads function in the pickle Python module when it was configured to use memcached. A remote attacker on the same network as memcached could exploit this to execute arbitrary code. This update adds a new memcache_serialization_support option to support secure json serialization. For details on this new option, please see /usr/share/doc/swift-proxy/memcache.conf-sample. This issue only affected Ubuntu 12.04 LTS. Alex Gaynor discovered that Swift did not safely generate XML. An attacker could potentially craft an account name to generate arbitrary XML responses to trigger vulnerabilties in software parsing Swift's XML. Various other issues were also addressed.

tags | advisory, remote, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2012-4406, CVE-2013-2161, CVE-2012-4406, CVE-2013-2161
SHA-256 | 5b0ad4a79955b664e4b569e89066b103b2e70a89a066264da404f903535c5dfa
Ubuntu Security Notice USN-1889-1
Posted Jun 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1889-1 - David Torgerson discovered that HAProxy incorrectly parsed certain HTTP headers. A remote attacker could use this issue to cause HAProxy to stop responding, resulting in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2013-2175
SHA-256 | 170292e05c69610f96572ca3fc5b216de334532198eb00640de7931e0985c857
Ubuntu Security Notice USN-1888-1
Posted Jun 21, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1888-1 - It was discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code. Ilja van Sprundel discovered that Mesa incorrectly handled certain memory calculations. An attacker could use this flaw to cause an application to crash, or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1872, CVE-2013-1993, CVE-2013-1872, CVE-2013-1993
SHA-256 | fb7ddb2e13b7cbcbdd9feed3cb6af9c5992db485bff28fb98a834c152dcbdaed
Red Hat Security Advisory 2013-0963-01
Posted Jun 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0963-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2400, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2462, CVE-2013-2463
SHA-256 | fa788ed6640724a39a9d27888724662f9a0a62c5a8c9253349f00f832be6d023
Red Hat Security Advisory 2013-0964-01
Posted Jun 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0964-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. A session fixation flaw was found in the Tomcat FormAuthenticator module. During a narrow window of time, if a remote attacker sent requests while a user was logging in, it could possibly result in the attacker's requests being processed as if they were sent by the user. Users of Tomcat are advised to upgrade to these updated packages, which correct this issue. Tomcat must be restarted for this update to take effect.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2013-2067
SHA-256 | d96b4622d35295cb0cd295bda0028994ae0856b43e509797204db45817e27fea
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close