what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2013-07-11

Red Hat Security Advisory 2013-1024-01
Posted Jul 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1024-01 - Updated Messaging component packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise MRG 2.3 for Red Hat Enterprise Linux 6.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-1909
SHA-256 | b27517f1b626a0eda896340f34f49bd12b4b6bbb7834967692784fd3d4d3f17c
Mandriva Linux Security Advisory 2013-194
Posted Jul 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-194 - Multiple vulnerabilities has been found and corrected in the Linux kernel. net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. Various other issues have also been addressed. The updated packages provides a solution for these security issues.

tags | advisory, remote, denial of service, kernel, local, vulnerability
systems | linux, mandriva
advisories | CVE-2012-5517, CVE-2013-0231, CVE-2013-1059, CVE-2013-1774, CVE-2013-2147, CVE-2013-2148, CVE-2013-2164, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237, CVE-2013-2850, CVE-2013-2851, CVE-2013-2852, CVE-2013-3301
SHA-256 | 222e6a9b6c229fb8760fbf864b56dd9ad305b2f5b2210ae92ec97c2c2809405b
Mandriva Linux Security Advisory 2013-193
Posted Jul 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-193 - mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. The updated packages have been upgraded to the latest 2.2.25 version which is not vulnerable to this issue.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2013-1896
SHA-256 | 6bb051f28da0e3ffb1ef6f736e950ea307cd11c8d925486e08bc7aa93ce12511
Atlassian Confluence 4.3.5 XSS / Clickjacking
Posted Jul 11, 2013
Authored by Andrew Horton, Sow Ching Shiong, Mahendra | Site baesystemsdetica.com.au

Atlassian Confluence versions 4.3.5 and below suffer from cross site scripting, cross site flashing, and insufficient framing protection vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 04b97b6e60bc74d9d3dc996fcb89ad8016e30f85442144fb45955cd70de7cbb7
3S Vision / Asante Voyager / ALinking Hardcoded Accounts
Posted Jul 11, 2013
Authored by Roberto Paleari

Multiple cameras suffer from having hardcoded backdoor accounts allowing for authentication bypass and code execution. Included are various 3S Vision, Asante Voyager, and ALinking cameras.

tags | exploit, code execution, bypass
SHA-256 | e5d05de9ba28af339c8a8385bfca41fad5e26d35ff3a6001d8630ba5675fcbbb
PrestaShop 1.5.4 Cross Site Request Forgery
Posted Jul 11, 2013
Authored by Eyup CELIK, EntPro Cyber Security Research Group

PrestaShop version 1.5.4 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 569006bfc5d70826e09cb71f57f8aef0f71ab333fe47164b4cb288a5f9fa457e
nginx 1.3.9 / 1.4.0 x86 Brute Force Proof Of Concept
Posted Jul 11, 2013
Authored by Kingcope

nginx version 1.3.9 and 1.4.0 x86 brute force proof of concept remote exploit that spawns a reverse shell.

tags | exploit, remote, shell, x86, proof of concept
SHA-256 | c08d90d9385b3dfaf58239db1bfee804fe103d21d4ebed131c2c37bd98971111
Drupal TinyBox 7.x Cross Site Scripting
Posted Jul 11, 2013
Authored by Daniel Nitsche | Site drupal.org

Drupal TinyBox third party module version 7.x suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 68b8c0eff858ede028a885fc8fd53a4323fee40a21aeb4d6befadd4bf113c3b0
Red Hat Security Advisory 2013-1044-01
Posted Jul 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1044-01 - The JBoss Seam 2 framework is an application framework for building web applications in Java. The RichFaces component is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2013-2165
SHA-256 | d18a74069a96a4aaa1652df273b226c9ec81f840a9d532e9124b8e2d2d808e2a
Red Hat Security Advisory 2013-1045-01
Posted Jul 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1045-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-2165
SHA-256 | 81c3cfee3b426df3d700d82b46210967ca52f443a2ad2a47a35bc2782f988cac
Red Hat Security Advisory 2013-1043-01
Posted Jul 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1043-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-2165
SHA-256 | 3f195710e9356b035cbdd3ab0f3ee82522528a883a4fa741abf131813d48cd52
Red Hat Security Advisory 2013-1042-01
Posted Jul 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1042-01 - RichFaces is an open source framework that adds Ajax capability into existing JavaServer Faces applications. A flaw was found in the way RichFaces ResourceBuilderImpl handled deserialization. A remote attacker could use this flaw to trigger the execution of the deserialization methods in any serializable class deployed on the server. This could lead to a variety of security impacts depending on the deserialization logic of these classes. The fix for this issue introduces a whitelist to limit classes that can be deserialized by RichFaces.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2013-2165
SHA-256 | 8d99bfdf74e800ed985ade651322e5980dd02d516df4c0faefe2493afad24b8a
Debian Security Advisory 2719-1
Posted Jul 11, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2719-1 - Multiple vulnerabilities were discovered in the poppler PDF rendering library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-1788, CVE-2013-1790
SHA-256 | fcb50182fa2bad45ade94192c613b84468ab1d62c6da5c762196695a733f5ef6
Joomla AICONTACTSAFE 2.0.19 Cross Site Scripting
Posted Jul 11, 2013
Authored by Adam Willard

Joomla AICONTACTSAFE version 2.0.19 suffers from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | b4bb8004d0a3151453a8c7faca6416303b9cc9330e840b011b75ec6cee0b4ada
Air Drive Plus 2.4 LFI / XSS / File Upload
Posted Jul 11, 2013
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Air Drive Plus version 2.4 for iOS suffers from local file inclusion, script inclusion, and remote arbitrary file upload vulnerabilities.

tags | exploit, remote, arbitrary, local, vulnerability, file inclusion, file upload
systems | ios
SHA-256 | 3962cd3187d8ce7cf9f15f89a34bc0f1974a6495c284a9cead16289b31d87156
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close