exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 26 RSS Feed

Files Date: 2013-09-18

Apple Security Advisory 2013-09-18-1
Posted Sep 18, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-09-18-1 - iTunes 11.1 is now available. A memory corruption issue existed in the iTunes ActiveX control. This issue was addressed through additional bounds checking.

tags | advisory, activex
systems | apple
advisories | CVE-2013-1035
SHA-256 | 46fc7b5eb3fefe13a291247cae855e3a91a0a0bd612ea62733b12ce2dc1e80a2
HP Security Bulletin HPSBMU02917
Posted Sep 18, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02917 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) running on Linux and Windows. The vulnerabilities could be exploited remotely resulting in command execution and privilege gain. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2013-3576
SHA-256 | 0d1a08baa3a0a6ee30bc3c3edfb10cec8e27f810dae426c8b9cb3637abbbf8a5
vtiger CRM 5.4.0 SQL Injection
Posted Sep 18, 2013
Authored by High-Tech Bridge SA | Site htbridge.com

vtiger CRM version 5.4.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2013-5091
SHA-256 | 6f1a57864ebc9db55967154960396a0a758db0008927420ffac97caba1e1093c
Code Sector TeraCopy 2.3 Integer Overflow
Posted Sep 18, 2013
Authored by LiquidWorm | Site zeroscience.mk

Code Sector TeraCopy versions 2.3 beta 2 and 2.27 integer overflow proof of concept exploit. TeraCopy is prone to an integer overflow vulnerability because it fails to perform adequate boundary checks when reading language files. Successfully exploiting this issue may allow local attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

tags | exploit, overflow, arbitrary, local, proof of concept
SHA-256 | 5c11b78589f464552b6f86071b9f9b527b496eaedc2860065b7a0292d9c201b8
Cisco Security Advisory 20130918-dcnm
Posted Sep 18, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Prime Data Center Network Manager (DCNM) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to disclose file components, and access text files on an affected device. Various components of Cisco Prime DCNM are affected. These vulnerabilities can be exploited independently on the same device; however, a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco Prime DCNM is affected by the following vulnerabilities: Cisco Prime DCNM Information Disclosure Vulnerability Cisco Prime DCNM Remote Command Execution Vulnerabilities Cisco Prime DCNM XML External Entity Injection Vulnerability Cisco has released free software updates that address these vulnerabilities. There are currently no workarounds that mitigate these vulnerabilities.

tags | advisory, remote, vulnerability, info disclosure, xxe
systems | cisco
SHA-256 | 59abee34c5117c85ecf0f7c23a0c36170f53170f33c1427314bb3d0f036af886
Cisco Security Advisory 20130918-pc
Posted Sep 18, 2013
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web framework of Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance could allow an unauthenticated, remote attacker to access sensitive information on the system. The vulnerability is due to improper user authentication and inadequate session management. An unauthenticated, remote attacker could exploit this vulnerability by submitting a crafted HTTP request to the web user interface. Successful exploitation of this vulnerability may reveal sensitive information, including user credentials. Cisco has released a free software update that addresses this vulnerability. There are currently no workarounds that mitigate this vulnerability.

tags | advisory, remote, web
systems | cisco
SHA-256 | 5f1ed2310f169ed38cbf916780a21a340c395530c7ad52f4ed3be2377ffb974d
Slackware Security Advisory - mozilla-firefox Updates
Posted Sep 18, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | bd6e4cbf70e2a1d96e177697fd092044a95f075cd9a544217084c854917569d2
Debian Security Advisory 2759-1
Posted Sep 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2759-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows may lead to the execution of arbitrary code.

tags | advisory, web, overflow, arbitrary
systems | linux, debian
advisories | CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737
SHA-256 | 55d32055347d4af467fc566b4dc7bd9c67e7e74ad6cd48811322cf8611719708
Ubuntu Security Notice USN-1963-1
Posted Sep 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1963-1 - It was discovered that usb-creator was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1063
SHA-256 | fa737444935a8672adeb6a4d6cfbc77b12ae1800c75f2892ca8f18019d684949
Ubuntu Security Notice USN-1952-1
Posted Sep 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1952-1 - Multiple memory safety issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a flaw in the HTML5 Tree Builder when interacting with template elements. If a user had scripting enabled, in some circumstances an attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-1718, CVE-2013-1720, CVE-2013-1721, CVE-2013-1722, CVE-2013-1724, CVE-2013-1725, CVE-2013-1728, CVE-2013-1730, CVE-2013-1732, CVE-2013-1736, CVE-2013-1737, CVE-2013-1738, CVE-2013-1718, CVE-2013-1720, CVE-2013-1721, CVE-2013-1722, CVE-2013-1724, CVE-2013-1725, CVE-2013-1728, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737, CVE-2013-1738
SHA-256 | f9eb20686e01bfdc98a78a1cffeea878934e6b7bae8b6f26916712440670244e
Ubuntu Security Notice USN-1957-1
Posted Sep 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1957-1 - It was discovered that Jockey was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1065
SHA-256 | a0d0e90223af97092ca91dba76ea9d87cdd7d49b4398bdb86894ed3ba7bd719d
Ubuntu Security Notice USN-1962-1
Posted Sep 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1962-1 - It was discovered that ubuntu-system-service was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1062
SHA-256 | ab04e0bc3bf6ced2a3d77cb39eaf73489e6fdd6a3630c1a1bbd1c32ab8471cec
Ubuntu Security Notice USN-1961-1
Posted Sep 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1961-1 - It was discovered that systemd was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-4327
SHA-256 | 8d3f12f496aefbcf0ee96e07388171506a6f132ca36d598b2ad413d8cf4b4c4e
Ubuntu Security Notice USN-1960-1
Posted Sep 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1960-1 - It was discovered that Software Properties was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1061
SHA-256 | 9f102e925fca8275a7633ec18f013c9a2579e16ca7a318ba5fbe7449d41bb4f2
Ubuntu Security Notice USN-1955-1
Posted Sep 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1955-1 - It was discovered that apt-xapian-index was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1064
SHA-256 | 5078344d8f0c337690f27f89cdf04501956fac823f9ca2927a7ca2ee9273d027
Ubuntu Security Notice USN-1959-1
Posted Sep 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1959-1 - It was discovered that RealtimeKit was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-4326
SHA-256 | 8451920a39790b95476dece7cb3f02ad21d25f9d915f1b408cc768c05e5a3a8e
Ubuntu Security Notice USN-1954-1
Posted Sep 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1954-1 - It was discovered that libvirt used the pkcheck tool in an unsafe manner. A local attacker could possibly use this flaw to bypass polkit authentication. In Ubuntu, libvirt polkit authentication is not enabled by default. It was discovered that libvirt incorrectly handled certain memory stats requests. A remote attacker could use this issue to cause libvirt to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 12.10, and Ubuntu 13.04. Various other issues were also addressed.

tags | advisory, remote, denial of service, local
systems | linux, ubuntu
advisories | CVE-2013-4311, CVE-2013-4296, CVE-2013-5651, CVE-2013-4296, CVE-2013-4311, CVE-2013-5651
SHA-256 | 59ff3bfce1b5160cbf39adc5e7dbd353a7a26360a5e79205fa96bcdf56cace17
Ubuntu Security Notice USN-1956-1
Posted Sep 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1956-1 - It was discovered that HPLIP was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-4325
SHA-256 | 71e03f17753583dab5bfb5951604d6afb1f873179ad5a70e5586190649331a95
Ubuntu Security Notice USN-1958-1
Posted Sep 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1958-1 - It was discovered that language-selector was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1066
SHA-256 | 58028b017f1117eeec196c3ed1b1912a44828f3b1dbf9810531a1dcbd68729ec
Ubuntu Security Notice USN-1953-1
Posted Sep 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1953-1 - It was discovered that polkit didn't allow applications to use the pkcheck tool in a way which prevented a race condition in the UID lookup. A local attacker could use this flaw to possibly escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-4288
SHA-256 | 528785d61b42c1f01b4bfaa52b123f7ee07cc62e133897d8fdc089aa6ad23405
Debian Security Advisory 2760-1
Posted Sep 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2760-1 - Florian Weimer discovered two security problems in the Chrony time synchronization software (buffer overflows and use of uninitialized data in command replies).

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2012-4502, CVE-2012-4503
SHA-256 | 4a636149305d24d77a8f8ac8d4a99383a8fb9b7b850ae3a3e96a487f69a984bb
Mandriva Linux Security Advisory 2013-237
Posted Sep 18, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-237 - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Security researcher Abhishek Arya of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free problem in the Animation Manager during the cloning of stylesheets. This can lead to a potentially exploitable crash. Various other issues were also addressed.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2013-1719, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737
SHA-256 | 4df6d780c957375d37c25593963fc5e1842fc80c3ddda22c77a645e6dd88d036
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Sep 18, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | e23c9a111ea6463e49234dcda90c14a9047eb8129aaf82df92218b7ccbd7a00b
CryptHook Secure TCP/UDP Connection Wrapper
Posted Sep 18, 2013
Authored by stderr | Site chokepoint.net

CryptHook is a modular implementation for securing and layering cryptography for existing applications with symmetrical block cipher encryption. It works by hooking the base system calls for network communication send/sendto and recv/recvfrom. Crypthook will work with any existing application that relies on these system calls. Full example at their homepage includes tunneling SSH through the encrypted wrapper.

tags | tool, encryption
SHA-256 | fc13d7556b46c8a8c4a1900b3b5fe6de507d49964efdbcce7f930cb720a1523b
German ERP Sage Office Line Privilege Escalation
Posted Sep 18, 2013
Authored by x180913erp

German ERP system "Sage Office Line" suffers from a database user privilege escalation vulnerability.

tags | exploit
SHA-256 | 6b2c5fa4f2bb2555c4ee0b0a396286b2dffd144b07959e79d7e2769d73efab17
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close