< Back to JetLib.com

jetlib.sec » Packet Storm Security Recent Files

« Expand/Collapse

Packet Storm Security Recent Files

Skip to page: 1 2 3 ... 46

February 21, 2012
18:58
strongSwan IPsec Implementation 4.6.2
» ‎ Packet Storm Security Recent Files

strongSwan is a complete IPsec implementation for the Linux, Android, Maemo, FreeBSD, and Mac OS X operating systems. It interoperates with with most other IPsec-based VPN products via the IKEv2 or IKEv1 key exchange protocols. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A rich choice of modular plugins adds additional features like Trusted Network Connect or advanced cryptographical algorithms.
Tags: implementation ipsec strongswan mac-os authentication-mechanisms ipsec-implementation exchange-protocols
18:56
LiveHelpNow Chat Cross Site Scripting
» ‎ Packet Storm Security Recent Files

LiveHelpNow Chat suffers from a cross site scripting vulnerability.
Tags: cross livehelpnow chat cross-site-scripting vulnerability
18:56
ForkCMS 3.2.5 Cross Site Request Forgery / Cross Site Scripting
» ‎ Packet Storm Security Recent Files

ForkCMS version 3.2.5 suffers from cross site request forgery and cross site scripting vulnerabilities.
Tags: forkcms cross site cross-site-scripting forgery
18:54
WordPress SB Uploader Shell Upload
» ‎ Packet Storm Security Recent Files

WordPress SB Uploader suffers from a shell upload vulnerability.
Tags: uploader shell wordpress vulnerability
18:52
Oxwall 1.1.1 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Oxwall version 1.1.1 suffers from a cross site scripting vulnerability.
Tags: oxwall cross site vulnerability
18:50
Mercurycom MR804 Router Denial Of Service
» ‎ Packet Storm Security Recent Files

Mercurycom MR804 Router version 3.8.1 Build 101220 Rel.53006nB suffers from a denial of service vulnerability when fed multiple HTTP headers.
Tags: mercurycom router denial service-vulnerability denial-of-service http-headers
18:49
SocialCMS Cross Site Scripting / SQL Injection
» ‎ Packet Storm Security Recent Files

SocialCMS suffers from cross site scripting and remote SQL injection vulnerabilities.
Tags: cross socialcms site
18:27
CMS Wizard Cross Site Scripting
» ‎ Packet Storm Security Recent Files

CMS Wizard suffers from a cross site scripting vulnerability.
Tags: cross wizard cms vulnerability
18:25
Cisco Linksys WAG54GS Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

The Cisco Linksys WAG54GS ADSL router suffers from a cross site request forgery vulnerability.
Tags: wag cross site cisco-linksys adsl-router linksys-wag54gs forgery
18:21
P-Chat 0.9 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

P-Chat version 0.9 suffers from a cross site scripting vulnerability.
Tags: cross p-chat site vulnerability
18:16
DNSChef 0.1
» ‎ Packet Storm Security Recent Files

DNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka "Fake DNS") is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for "badguy.com" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.
Tags: dns proxy dnschef network-traffic-analysis penetration-testers application-network
18:11
Red Hat Security Advisory 2012-0324-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0324-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
Tags: hat red libxml red-hat-security development-toolbox denial-of-service
18:10
Red Hat Security Advisory 2012-0323-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0323-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
Tags: server http red apache-http-server red-hat-security reverse-proxy
18:10
Red Hat Security Advisory 2012-0322-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0322-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
Tags: java hat red java-runtime-environment red-hat-security java-virtual-machine
18:10
Red Hat Security Advisory 2012-0321-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0321-01 - Concurrent Version System is a version control system that can record the history of your files. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. All users of cvs are advised to upgrade to these updated packages, which contain a patch to correct this issue.
Tags: cvs client red concurrent-version-system based-buffer-overflow cvs-client
18:10
Gentoo Linux Security Advisory 201202-02
» ‎ Packet Storm Security Recent Files

Gentoo Linux Security Advisory 201202-2 - Multiple vulnerabilities were found in Quagga, the worst of which leading to remote execution of arbitrary code. Versions less than 0.99.20 are affected.
Tags: gentoo security linux gentoo-linux-security code-versions security-advisory
7:41
Red Hat Security Advisory 2012-0309-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0309-03 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. Various other issues have also been addressed in this advisory.
Tags: advisory sudo red red-hat-security sudoers security-advisory
7:40
Red Hat Security Advisory 2012-0310-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0310-03 - The nfs-utils package provides a daemon for the kernel Network File System server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. It was found that the mount.nfs tool did not handle certain errors correctly when updating the mtab file. A local attacker could use this flaw to corrupt the mtab file.
Tags: hat file red kernel-network red-hat-security mount-nfs
7:39
Red Hat Security Advisory 2012-0153-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0153-03 - Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to access Red Hat Network content available to the host. This issue did not affect users of Red Hat Network Classic. This updated sos package also includes numerous bug fixes and enhancements.
Tags: hat network red red-hat-network red-hat-security network-content
7:37
Red Hat Security Advisory 2012-0311-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0311-03 - The ibutils packages provide InfiniBand network and path diagnostics. It was found that the ibmssh executable had an insecure relative RPATH set in the ELF header. A local user able to convince another user to run ibmssh in an attacker-controlled directory could run arbitrary code with the privileges of the victim. Under certain circumstances, the "ibdiagnet -r" command could suffer from memory corruption and terminate with a "double free or corruption" message and a backtrace. With this update, the correct memory management function is used to prevent the corruption.
Tags: hat corruption red memory-corruption red-hat-security correct-memory
7:36
Red Hat Security Advisory 2012-0313-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0313-03 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. The default Samba server configuration enabled both the "wide links" and "unix extensions" options, allowing Samba clients with write access to a share to create symbolic links that point to any location on the file system. Clients connecting with CIFS UNIX extensions disabled could have such links resolved on the server, allowing them to access and possibly overwrite files outside of the share. With this update, "wide links" is set to "no" by default. In addition, the update ensures "wide links" is disabled for shares that have "unix extensions" enabled.
Tags: server unix samba server-message-block open-source-implementation samba-clients
7:35
Red Hat Security Advisory 2012-0312-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0312-03 - The initscripts package contains system scripts to boot your system, change runlevels, activate and deactivate most network interfaces, and shut the system down cleanly. With the default IPsec ifup script configuration, the racoon IKE key management daemon used aggressive IKE mode instead of main IKE mode. This resulted in the preshared key hash being sent unencrypted, which could make it easier for an attacker able to sniff network traffic to obtain the plain text PSK from a transmitted hash.
Tags: hat red system ike red-hat-security system-scripts network-interfaces
7:35
Debian Security Advisory 2413-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 2413-1 - Two buffer overflows have been discovered in libarchive, a library providing a flexible interface for reading and writing archives in various formats. The possible buffer overflows while reading is9660 or tar streams allow remote attackers to execute arbitrary code depending on the application that makes use of this functionality.
Tags: advisory debian security buffer-overflows flexible-interface linux-security
7:34
Red Hat Security Advisory 2012-0168-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0168-01 - The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.
Tags: hat red security network-interface-card red-hat-security privileged-guest
7:33
Red Hat Security Advisory 2012-0301-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0301-03 - ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. It was found that ImageMagick utilities tried to load ImageMagick configuration files from the current working directory. If a user ran an ImageMagick utility in an attacker-controlled directory containing a specially-crafted ImageMagick configuration file, it could cause the utility to execute arbitrary code.
Tags: imagemagick hat red x-window imagemagick-utilities x-window-system red-hat-security
7:32
Red Hat Security Advisory 2012-0304-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0304-03 - The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. The vixie-cron package adds improved security and more powerful configuration options to the standard version of cron. A race condition was found in the way the crontab program performed file time stamp updates on a temporary file created when editing a user crontab file. A local attacker could use this flaw to change the modification time of arbitrary system files via a symbolic link attack.
Tags: red cron security vixie-cron unix-daemon red-hat-security
7:32
Red Hat Security Advisory 2012-0305-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0305-03 - The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Tags: library red application regular-expression-library c-standard-library invalid-pointer
7:31
Red Hat Security Advisory 2012-0151-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0151-03 - The conga packages provide a web-based administration tool for remote cluster and storage management. Multiple cross-site scripting flaws were found in luci, the conga web-based administration application. If a remote attacker could trick a user, who was logged into the luci interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's luci session. These updated conga packages include several bug fixes and an enhancement.
Tags: luci conga red red-hat-security arbitrary-web administration-application
7:30
Red Hat Security Advisory 2012-0302-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0302-03 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the "lp" user.
Tags: hat red security ziv-welch decompression-algorithm common-unix-printing lempel-ziv
7:30
Red Hat Security Advisory 2012-0303-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0303-03 - X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. A flaw was found in the way the X.Org server handled lock files. A local user with access to the system console could use this flaw to determine the existence of a file in a directory not accessible to the user, via a symbolic link attack.
Tags: open-source-implementation graphical-user-interfaces x-window-system
7:29
Red Hat Security Advisory 2012-0149-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0149-03 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A member of the kvm group on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing.
Tags: kvm red linux red-hat-security linux-kernel intel-64
7:29
Red Hat Security Advisory 2012-0306-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0306-03 - Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third-party, the Key Distribution Center. It was found that ftpd, a Kerberos-aware FTP server, did not properly drop privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check for the potential failure of the effective group ID change system call. If the group ID change failed, a remote FTP user could use this flaw to gain unauthorized read or write access to files that are owned by the root group.
Tags: group hat red network-authentication-system red-hat-security symmetric-encryption
7:28
Red Hat Security Advisory 2012-0150-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0150-03 - The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: A flaw was found in the way the Linux kernel's Event Poll subsystem handled large, nested epoll structures. A local, unprivileged user could use this flaw to cause a denial of service.
Tags: kernel security linux kernel-packages red-hat-security linux-kernel
7:28
Red Hat Security Advisory 2012-0307-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0307-03 - The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, util-linux contains the fdisk configuration tool and the login program. Multiple flaws were found in the way the mount and umount commands performed mtab file updates. A local, unprivileged user allowed to mount or unmount file systems could use these flaws to corrupt the mtab file and create a stale lock file, preventing other users from mounting and unmounting file systems.
Tags: hat file red red-hat-security linux-package login-program
7:28
Red Hat Security Advisory 2012-0308-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0308-03 - BusyBox provides a single binary that includes versions of a large number of system commands, including a shell. This can be very useful for recovering from certain types of system failures, particularly those involving broken shared libraries. A buffer underflow flaw was found in the way the uncompress utility of BusyBox expanded certain archive files compressed using Lempel-Ziv compression. If a user were tricked into expanding a specially-crafted archive file with uncompress, it could cause BusyBox to crash or, potentially, execute arbitrary code with the privileges of the user running BusyBox.
Tags: hat red busybox ziv red-hat-security system-failures
7:21
Red Hat Security Advisory 2012-0152-03
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0152-03 - The kexec-tools package contains the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel. Kdump used the SSH "StrictHostKeyChecking=no" option when dumping to SSH targets, causing the target kdump server's SSH host key not to be checked. This could make it easier for a man-in-the-middle attacker on the local network to impersonate the kdump SSH target server and possibly gain access to sensitive information in the vmcore dumps.
Tags: kernel kexec ssh target-server red-hat-security linux-kernel
February 20, 2012
20:08
Dolphin 7.0.7 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Dolphin versions 7.0.7 and below suffer from multiple cross site scripting vulnerabilities.
Tags: cross dolphin site
20:06
OxWall 1.1.1 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

OxWall versions 1.1.1 and below suffer from multiple cross site scripting vulnerabilities.
Tags: cross oxwall site
19:33
Xavi 7968 ADSL Router Cross Site Request Forgery / Cross Site Scripting
» ‎ Packet Storm Security Recent Files

The Xavi 7968 router suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
Tags: cross xavi site cross-site-scripting forgery router
19:20
GNU Transport Layer Security Library 3.0.13
» ‎ Packet Storm Security Recent Files

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.
Tags: library gnu security application-programming-interface transport-layer-security communications-protocols
18:43
Red Hat Security Advisory 2012-0317-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0317-01 - The libpng packages contain a library of functions for creating and manipulating PNG image format files. A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of libpng and libpng10 should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libpng or libpng10 must be restarted for the update to take effect.
Tags: hat libpng red png-image-format based-buffer-overflow red-hat-security
18:43
Ubuntu Security Notice USN-1370-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1370-1 - It was discovered that libvorbis did not correctly handle certain malformed ogg files. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges.
Tags: ubuntu notice security denial-of-service ogg-files arbitrary-code
18:42
Debian Security Advisory 2412-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 2412-1 - It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.
Tags: advisory debian security ogg-vorbis linux-security debian-linux
18:42
Debian Security Advisory 2411-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 2411-1 - It was discovered that mumble, a VoIP client, does not probably manage permission on its user-specific configuration files, allowing other local users on the system to access them.
Tags: advisory debian security linux-security debian-linux debian-security
18:42
Gentoo Linux Security Advisory 201202-01
» ‎ Packet Storm Security Recent Files

Gentoo Linux Security Advisory 201202-1 - Multiple vulnerabilities have been reported in Chromium, some of which may allow execution of arbitrary code. Versions less than 17.0.963.56 are affected.
Tags: gentoo security linux gentoo-linux-security code-versions security-advisory
18:42
Debian Security Advisory 2412-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 2412-1 - It was discovered that a heap overflow in the Vorbis audio compression library could lead to the execution of arbitrary code if a malformed Ogg Vorbis file is processed.
Tags: advisory debian security ogg-vorbis linux-security debian-linux
18:22
Xavi 7968 ADSL Router Denial Of Service
» ‎ Packet Storm Security Recent Files

The Xavi 7968 ADSL router suffers from a remote denial of service vulnerability.
Tags: router adsl xavi service-vulnerability denial-of-service
17:44
F*EX 20111129-2 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

F*EX (Frams's Fast File EXchange) version 20111129-2 suffers from a cross site scripting vulnerability.
Tags: cross scripting site frams file-exchange cross-site-scripting
12:11
ELBA 5.4.1 SQL Injection / Denial Of Service
» ‎ Packet Storm Security Recent Files

ELBA version 5.4.1 suffers from denial of service, information disclosure, and remote SQL injection vulnerabilities.
Tags: injection denial sql elba denial-of-service information-disclosure
10:22
Blade API Monitor Unicode Bypass Buffer Overflow
» ‎ Packet Storm Security Recent Files

Blade API Monitor unicode bypass exploit that leverages a serial number buffer overflow vulnerability.
Tags: monitor api blade buffer-overflow-vulnerability serial-number
6:44
TestLink 1.9.3 SQL Injection
» ‎ Packet Storm Security Recent Files

TestLink version 1.9.3 suffers from a remote SQL injection vulnerability.
Tags: injection testlink sql vulnerability
5:33
Joomla Machine SQL Injection
» ‎ Packet Storm Security Recent Files

The Joomla Machine component suffers from a remote SQL injection vulnerability.
Tags: machine sql joomla machine-component vulnerability
4:55
VOXTRONIC Voxlog Professional 3.7.2.729 SQL Injection / Disclosure
» ‎ Packet Storm Security Recent Files

VOXTRONIC Voxlog Professional versions 3.7.2.729 and below suffer from file disclosure, remote code execution, and remote SQL injection vulnerabilities.
Tags: voxtronic voxlog professional code-execution professional-versions disclosure
4:12
DJ Studio Pro 5.1.6.5.2 Buffer Overflow
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a stack-based buffer overflow in DJ Studio Pro 5.1.6.5.2. An attacker must send the file to victim and the victim must open the file. Alternatively it may be possible to execute code remotely via an embedded PLS file within a browser, when the PLS extension is registered to DJ Studio Pro. This functionality has not been tested in this module.
Tags: buffer studio overflow based-buffer-overflow pls-file dj-studio
3:11
AgentImage CMS SQL Injection
» ‎ Packet Storm Security Recent Files

AgentImage CMS suffers from a remote SQL injection vulnerability.
Tags: agentimage sql cms sql-injection vulnerability
2:11
Search Engine Builder Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Search Engine Builder suffers from a cross site scripting vulnerability.
Tags: engine builder search search-engine-builder cross-site-scripting vulnerability
February 19, 2012
17:11
F*EX 20100208 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

F*EX (Frams's Fast File EXchange) versions 20100208 and below suffer from multiple cross site scripting vulnerabilities.
Tags: cross scripting site frams file-exchange
10:22
Flipkart Open Redirection
» ‎ Packet Storm Security Recent Files

Flipkart suffers from an open redirection vulnerability.
Tags: redirection flipkart open vulnerability
10:02
PlumeCMS 1.2.4 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

PlumeCMS versions 1.2.4 and below suffer from a cross site request forgery vulnerability.
Tags: cross site plumecms forgery vulnerability
9:44
SyndeoCMS 3.0 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

SyndeoCMS versions 3.0 and below suffer from a cross site request forgery vulnerability.
Tags: cross syndeocms site forgery vulnerability
9:22
Pirelli Discus DSL-DRGA112-07 Denial Of Service
» ‎ Packet Storm Security Recent Files

Pirelli Discus DSL-DRGA112-07 suffers from a denial of service vulnerability.
Tags: dsl-drga pirelli discus service-vulnerability denial-of-service
9:12
D-Link DSL-2640B Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

The D-Link DSL-2640B ADSL router suffers from a cross site request forgery vulnerability.
Tags: cross d-link site adsl-router forgery vulnerability
8:44
SHLAspCms SQL Injection
» ‎ Packet Storm Security Recent Files

SHLAspCms suffers from a remote SQL injection vulnerability.
Tags: injection shlaspcms sql sql-injection vulnerability
8:22
Conduit Mobile Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Conduit Mobile suffers from a persistent cross site scripting vulnerability.
Tags: conduit cross mobile vulnerability
7:55
WebTriad SQL Injection
» ‎ Packet Storm Security Recent Files

WebTriad suffers from a remote SQL injection vulnerability.
Tags: injection webtriad sql sql-injection vulnerability
6:45
SICT SQL Injection
» ‎ Packet Storm Security Recent Files

SICT suffers from a remote SQL injection vulnerability.
Tags: injection sict sql sql-injection vulnerability
6:44
Jamroom Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Jamroom suffers from a cross site scripting vulnerability.
Tags: cross jamroom site vulnerability
6:22
Boomge Search Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Boomge Search suffers from a cross site scripting vulnerability.
Tags: cross boomge search cross-site-scripting vulnerability
4:13
Mitra Iranian CMS Shell Upload
» ‎ Packet Storm Security Recent Files

Mitra Iranian CMS suffers from a remote shell upload vulnerability.
Tags: iranian mitra cms remote-shell
4:12
WebsiteBaker 2.8.2 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

WebsiteBaker version 2.8.2 SP2 suffers from an HTTP-Referer a cross site scripting vulnerability.
Tags: cross websitebaker site sp2 vulnerability http-referer
February 18, 2012
9:33
Threat Modeling Cloud Applications
» ‎ Packet Storm Security Recent Files

These are the presentation slides from a talk called Threat Modeling Cloud Applications: What You Don't Know Will Hurt You as presented at the OWASP AppSec USA 2011 conference.
Tags: modeling threat cloud don usa presentation-slides owasp
9:28
Behavioral Security Modeling
» ‎ Packet Storm Security Recent Files

These are the presentation slides from a talk called Behavioral Security Modeling: Eliminating Vulnerabilities by Building Predictable Systems as presented at the OWASP AppSec USA 2011 conference.
Tags: modeling behavioral security usa presentation-slides owasp vulnerabilities
9:03
Trustwave Global Security Report
» ‎ Packet Storm Security Recent Files

These slides are from the Trustwave Global Security Report as presented at the OWASP AppSec USA 2011 conference.
Tags: global trustwave security usa owasp security-report global-security
8:36
Ghosts Of XSS Past, Present, And Future
» ‎ Packet Storm Security Recent Files

These are the slides from the Ghost of XSS Past, Present, and Future presentation given at the OWASP AppSec USA 2011 conference.
Tags: xss ghosts future usa owasp slides
8:30
Web Application Security Payloads
» ‎ Packet Storm Security Recent Files

These are the slides from the Web Application Security Payloads presentation given at the OWASP AppSec USA 2011 conference.
Tags: application web security usa web-application-security owasp slides
8:27
Endian UTM Firewall 2.4.x Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Endian UTM Firewall version 2.4.x suffers from multiple cross site scripting vulnerabilities.
Tags: endian firewall utm cross-site-scripting
8:26
Joomla Xcomp Local File Inclusion
» ‎ Packet Storm Security Recent Files

The Joomla Xcomp component suffers from a local file inclusion vulnerability.
Tags: xcomp file joomla vulnerability inclusion
8:17
r00t 4 LFI Toolkit
» ‎ Packet Storm Security Recent Files

This tool is a php script that assists in performing local file inclusion attacks.
Tags: tool toolkit lfi php-script inclusion
8:13
1337 Multiple CMS Scanner Online
» ‎ Packet Storm Security Recent Files

This tool is a php script that assists in finding vulnerable components in multiple CMS systems.
Tags: multiple scanner cms cms-systems php-script
8:10
Joomla X-Shop SQL Injection
» ‎ Packet Storm Security Recent Files

The Joomla X-Shop component suffers from a remote SQL injection vulnerability.
Tags: x-shop sql joomla vulnerability
8:09
Rocketwebco SQL Injection
» ‎ Packet Storm Security Recent Files

Rocketwebco suffers from a remote SQL injection vulnerability.
Tags: rocketwebco injection sql sql-injection vulnerability
8:08
Abbott Web Experts SQL Injection
» ‎ Packet Storm Security Recent Files

Abbott Web Experts suffers from a remote SQL injection vulnerability.
Tags: web abbott sql web-experts vulnerability
8:06
Joomla XVS Local File Inclusion
» ‎ Packet Storm Security Recent Files

The Joomla XVS component suffers from a local file inclusion vulnerability.
Tags: xvs file joomla vulnerability inclusion
8:02
360-FAAR Firewall Analysis Audit And Repair 0.1.3
» ‎ Packet Storm Security Recent Files

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
Tags: faar analysis firewall manipulation-tool dbedit logs
8:00
Wiki Spot Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Wiki Spot suffers from a cross site scripting vulnerability.
Tags: spot cross wiki cross-site-scripting vulnerability
February 17, 2012
19:40
SQL Buddy 1.3.3 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

SQL Buddy version 1.3.3 suffers from multiple cross site scripting vulnerabilities.
Tags: cross buddy sql
19:38
Webgrind 1.0 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Webgrind version 1.0 suffers from a reflective cross site scripting vulnerability.
Tags: cross webgrind site vulnerability
19:36
IETF I-D: Implications Of Oversized IPv6 Header Chains
» ‎ Packet Storm Security Recent Files

This IETF Internet Draft discusses security and interoperability implications of oversized IPv6 header chains.
Tags: ietf header ipv ipv6-header internet-draft interoperability
19:33
Pirelli Discus DSL-DRGA112-07 Remote Change Password
» ‎ Packet Storm Security Recent Files

Pirelli Discus DSL-DRGA112-07 suffers from a remote password changing vulnerability.
Tags: dsl-drga pirelli discus vulnerability
19:29
SAP AG Netweaver 7.02 Buffer Overflow
» ‎ Packet Storm Security Recent Files

SAP AG Netweaver version 7.02 suffers from a stack based buffer overflow vulnerability in the SAPHostControl service. Exploitation can lead to code execution.
Tags: buffer netweaver sap buffer-overflow-vulnerability based-buffer-overflow
19:25
Mandriva Linux Security Advisory 2012-021
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2012-021 - Multiple security issues were identified and fixed in OpenJDK (icedtea6). The updated packages provides icedtea6-1.10.6 which is not vulnerable to these issues.
Tags: mandriva security linux mandriva-linux linux-security security-advisory
19:24
CDPI Software SQL Injection
» ‎ Packet Storm Security Recent Files

CDPI Software suffers from a remote SQL injection vulnerability.
Tags: cdpi sql Software software-sql vulnerability
19:21
PHP 5.2.17 Information Disclosure / Code Execution
» ‎ Packet Storm Security Recent Files

PHP versions 5.2.0 through 5.2.17 suffers from an information disclosure and possible code execution vulnerability due to the filter_globals struct not being clean up during the shutdown stage.
Tags: disclosure php information code-execution information-disclosure globals
19:19
Multi Threaded TCP Port Scanner 4.0
» ‎ Packet Storm Security Recent Files

This is a basic TCP SYN scanner that is multi-threaded.
Tags: tcp multi scanner port-scanner
19:17
Tiki Wiki CMS Groupware Frame Injection
» ‎ Packet Storm Security Recent Files

Tiki Wiki CMS Groupware suffers from a frame inclusion vulnerability.
Tags: tiki wiki cms tiki-wiki groupware vulnerability
19:16
vBSkinWorks SQL Injection
» ‎ Packet Storm Security Recent Files

vBSkinWorks suffers from a remote SQL injection vulnerability.
Tags: vulnerability injection sql sql-injection vbskinworks
19:15
Fatheads SQL Injection
» ‎ Packet Storm Security Recent Files

Fatheads suffers from a remote SQL injection vulnerability.
Tags: injection fatheads sql sql-injection vulnerability
19:14
TOIPKRO SQL Injection
» ‎ Packet Storm Security Recent Files

TOIPKRO suffers from a remote SQL injection vulnerability.
Tags: injection sql toipkro sql-injection vulnerability
19:14
HP Security Bulletin HPSBPI02728 SSRT100692 4
» ‎ Packet Storm Security Recent Files

HP Security Bulletin HPSBPI02728 SSRT100692 4 - A potential security vulnerability has been identified with certain HP printers and HP digital senders. The vulnerability could be exploited remotely to install unauthorized printer firmware. Revision 4 of this advisory.
Tags: hpsbpi bulletin security potential-security-vulnerability hp-printers digital-senders
19:13
Stikom Library SQL Injection
» ‎ Packet Storm Security Recent Files

Stikom Library suffers from a remote SQL injection vulnerability.
Tags: library stikom sql vulnerability
19:12
Sun Flower SQL Injection
» ‎ Packet Storm Security Recent Files

Sun Flower suffers from a remote SQL injection vulnerability.
Tags: injection vulnerability sun flower flower-sql sun-flower sql-injection
19:12
I2 Soft SQL Injection
» ‎ Packet Storm Security Recent Files

I2 Soft suffers from a remote SQL injection vulnerability.
Tags: injection soft sql sql-injection vulnerability
19:11
Creatop SQL Injection
» ‎ Packet Storm Security Recent Files

Creatop suffers from a remote SQL injection vulnerability.
Tags: injection sql creatop sql-injection vulnerability
19:10
X3 CMS 0.4.3.1 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

X3 CMS version 0.4.3.1 suffers from a cross site scripting vulnerability.
Tags: cross site cms vulnerability
19:10
MoniWiki Cross Site Scripting
» ‎ Packet Storm Security Recent Files

MoniWiki suffers from a cross site scripting vulnerability.
Tags: moniwiki cross site vulnerability
19:06
Red Hat Security Advisory 2012-0144-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0144-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed on the Adobe security page APSB12-03, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content.
Tags: swf adobe security red-hat-security web-browser-plug adobe-flash-player
19:06
Ubuntu Security Notice USN-1367-4
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1367-4 - USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Xulrunner. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Various other issues were also addressed.
Tags: ubuntu libpng security denial-of-service automated-system
19:05
Ubuntu Security Notice USN-1369-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1369-1 - Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Thunderbird can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. It was discovered that memory corruption could occur during the decoding of Ogg Vorbis files. If the user were tricked into opening a specially crafted file, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
Tags: user ubuntu thunderbird nicolas-gregoire memory-corruption xslt-stylesheet
19:05
Ubuntu Security Notice USN-1367-3
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1367-3 - USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Thunderbird. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Various other issues were also addressed.
Tags: ubuntu libpng security denial-of-service automated-system
19:05
Ubuntu Security Notice USN-1367-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1367-2 - USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Firefox. Jueri Aedla discovered that libpng did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Various other issues were also addressed.
Tags: ubuntu libpng security denial-of-service automated-system
February 16, 2012
19:43
R2 1.65 Stack Overflow / Directory Traversal / Brute Forcing
» ‎ Packet Storm Security Recent Files

R2 versions 1.65 and below suffer from stack overflow, PIN brute forcing, and directory traversal vulnerabilities.
Tags: directory traversal overflow stack-overflow directory-traversal brute
19:41
Novell GroupWise Messenger 2.1.0 Arbitrary Memory Write
» ‎ Packet Storm Security Recent Files

Novell GroupWise Messenger versions 2.1.0 and below suffer from an arbitrary memory write vulnerability. Proof of concept code included.
Tags: messenger novell groupwise novell-groupwise proof-of-concept
19:39
Novell GroupWise Messenger 2.1.0 Memory Corruption
» ‎ Packet Storm Security Recent Files

Novell GroupWise Messenger versions 2.1.0 and below suffer from a memory corruption vulnerability. Proof of concept code included.
Tags: messenger novell groupwise novell-groupwise memory-corruption proof-of-concept
19:37
Novell GroupWise Messenger Client 2.1.0 Unicode Stack Overflow
» ‎ Packet Storm Security Recent Files

Novell GroupWise Messenger Client versions 2.1.0 and below suffer from a unicode stack overflow vulnerability. Proof of concept code included.
Tags: messenger novell groupwise novell-groupwise stack-overflow overflow-vulnerability
19:34
XnView 1.98.5 Integer / Heap Overflows
» ‎ Packet Storm Security Recent Files

XnView versions 1.98.5 and below suffer from an integer overflow and multiple heap overflows. Proof of concept code included.
Tags: integer xnview heap integer-overflow proof-of-concept
19:31
R4 1.25 Overflows / Directory Traversal
» ‎ Packet Storm Security Recent Files

R4 versions 1.25 and below suffer from stack overflows, a heap overflow, and a directory traversal vulnerability.
Tags: directory overflows traversal directory-traversal-vulnerability stack-overflows heap
19:27
Java MixerSequencer Object GM_Song Structure Handling
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation id done by supplying a specially crafted MIDI file within an RMF File. When the MixerSequencer objects is used to play the file, the GM_Song structure is populated with a function pointer provided by a SONG block in the RMF. A Midi block that contains a MIDI with a specially crafted controller event is used to trigger the vulnerability. When triggering the vulnerability "ebx" points to a fake event in the MIDI file which stores the shellcode. A "jmp ebx" from msvcr71.dll is used to make the exploit reliable over java updates.
Tags: java mixersequencer midi java-updates midi-file song-structure
19:27
Horde 3.3.12 Backdoor Arbitrary PHP Code Execution
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits an arbitrary PHP code execution vulnerability introduced as a backdoor into Horde 3.3.12 and Horde Groupware 1.2.10.
Tags: backdoor php horde code-execution php-code
19:25
Skype 5.6.59.x Memory Corruption
» ‎ Packet Storm Security Recent Files

Skype version 5.6.59.x suffers from a memory corruption vulnerability.
Tags: corruption Skype memory memory-corruption vulnerability
19:23
Facebook NYClubs Cross Site Scripting / SQL Injection
» ‎ Packet Storm Security Recent Files

Facebook NYClubs suffers from cross site scripting and remote SQL injection vulnerabilities.
Tags: cross facebook nyclubs
19:21
Pandora FMS 4.0.1 Local File Inclusion
» ‎ Packet Storm Security Recent Files

Pandora FMS version 4.0.1 suffers from a local file inclusion vulnerability.
Tags: fms inclusion file pandora vulnerability
19:19
TSS Scripts SQL Injection
» ‎ Packet Storm Security Recent Files

TSS Scripts suffers from a remote SQL injection vulnerability.
Tags: scripts sql tss vulnerability
19:18
Upnorthwebs / Lightbox SQL Injection
» ‎ Packet Storm Security Recent Files

Upnorthwebs and Lightbox suffer from a remote SQL injection vulnerability.
Tags: upnorthwebs lightbox sql vulnerability
19:17
Urban Genesis SQL Injection
» ‎ Packet Storm Security Recent Files

Urban Genesis suffers from a remote SQL injection vulnerability.
Tags: injection vulnerability sql urban-genesis genesis
19:16
Taylored Ideas SQL Injection
» ‎ Packet Storm Security Recent Files

Taylored Ideas suffers from a remote SQL injection vulnerability.
Tags: injection sql taylored vulnerability
19:15
San Software CMS SQL Injection
» ‎ Packet Storm Security Recent Files

San Software CMS suffers from a remote SQL injection vulnerability.
Tags: sql Software cms san sql-injection vulnerability
19:14
Magezi Solutions SQL Injection
» ‎ Packet Storm Security Recent Files

Magezi Solutions suffers from a remote SQL injection vulnerability.
Tags: injection magezi sql vulnerability
19:13
Lava CMS SQL Injection
» ‎ Packet Storm Security Recent Files

Lava CMS suffers from a remote SQL injection vulnerability.
Tags: lava sql cms sql-injection vulnerability
19:12
kryCMS 3.0 SQL Injection
» ‎ Packet Storm Security Recent Files

kryCMS version 3.0 suffers from a remote SQL injection vulnerability.
Tags: injection krycms sql vulnerability
19:11
AtWiki Cross Site Scripting
» ‎ Packet Storm Security Recent Files

AtWiki suffers from a cross site scripting vulnerability.
Tags: cross atwiki site vulnerability
19:10
RadhikaGB Local File Inclusion
» ‎ Packet Storm Security Recent Files

RadhikaGB suffers from a local file inclusion vulnerability.
Tags: radhikagb inclusion file vulnerability
19:04
WampServer 2.2c Cross Site Scripting
» ‎ Packet Storm Security Recent Files

WampServer is vulnerable to cross site scripting vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input thru the 'lang' parameter (GET) in index.php script. An attacker may leverage any of the cross site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials, phishing as well as other attacks.
Tags: cross wampserver site authentication-credentials cross-site-scripting
19:04
Telerom CMS SQL Injection
» ‎ Packet Storm Security Recent Files

Telerom CMS suffers from a remote SQL injection vulnerability.
Tags: telerom sql cms sql-injection vulnerability
19:03
Adbay SQL Injection
» ‎ Packet Storm Security Recent Files

Adbay suffers from a remote SQL injection vulnerability.
Tags: injection sql adbay sql-injection vulnerability
19:02
SibexSystems SQL Injection
» ‎ Packet Storm Security Recent Files

SibexSystems suffers from a remote SQL injection vulnerability.
Tags: sibexsystems injection sql sql-injection vulnerability
February 15, 2012
19:50
Hydra Network Logon Cracker 7.2
» ‎ Packet Storm Security Recent Files

THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
Tags: logon network hydra cisco-aaa socks pcnfs network-logon vnc
19:35
Cisco Security Advisory 20120215-nxos
» ‎ Packet Storm Security Recent Files

Cisco Security Advisory - Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability that could cause Cisco Nexus 1000v, 5000, and 7000 Series Switches that are running affected versions of Cisco NX-OS Software to reload when the IP stack processes a malformed IP packet. Cisco has released free software updates that address this vulnerability.
Tags: advisory nx-os Software cisco-nx-os cisco-nexus cisco-security cisco-security-advisory free-software-updates dos-vulnerability
19:33
Oracle Java Web Start Remote Code Execution
» ‎ Packet Storm Security Recent Files

A Java Web Start vulnerability exists in Oracle Java. The vulnerability can be exploited by remote unauthenticated attackers to execute arbitrary code on a vulnerable system.
Tags: java oracle web java-web-start oracle-java code-execution
19:12
LEPTON 1.1.3 SQL Injection / XSS / Local File Inclusion
» ‎ Packet Storm Security Recent Files

LEPTON version 1.1.3 suffers from cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.
Tags: injection lepton sql inclusion
19:10
11in1 1.2.1 Stable 12-31-2011 Cross Site Request Forgery / Local File Inclusion
» ‎ Packet Storm Security Recent Files

11in1 version 1.2.1 stable 12-31-2011 suffers from cross site request forgery and local file inclusion vulnerabilities.
Tags: cross request site forgery inclusion stable
19:02
Mandriva Linux Security Advisory 2012-020
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2012-020 - Cross-site scripting vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php. The updated packages have been patched to correct this issue.
Tags: mandriva security linux mandriva-linux arbitrary-web linux-security
14:46
Red Hat Security Advisory 2012-0135-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0135-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine, or bypass Java sandbox restrictions. It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
Tags: java hat red java-runtime-environment red-hat-security java-virtual-machine
14:46
Red Hat Security Advisory 2012-0116-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0116-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. Non-member VLAN packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service.
Tags: hat red security kernel-packages red-hat-security integrity-issues
14:46
Debian Security Advisory 2410-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 2410-1 - Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed.
Tags: advisory debian security png-library integer-overflow linux-security
14:45
Ubuntu Security Notice USN-1366-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1366-1 - Paul Wise discovered that debdiff did not properly sanitize its input when processing .dsc and .changes files. If debdiff processed a crafted file, an attacker could execute arbitrary code with the privileges of the user invoking the program. Raphael Geissert discovered that debdiff did not properly sanitize its input when processing source packages. If debdiff processed an original source tarball, with crafted filenames in the top-level directory, an attacker could execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.
Tags: ubuntu security debdiff paul-wise raphael-geissert source-tarball source-packages
14:45
Red Hat Security Advisory 2012-0137-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0137-01 - TeX Live is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent file as output. The texlive packages provide a number of utilities, including dvips. TeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code: Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by a TeX Live utility, it could cause the utility to crash or, potentially, execute arbitrary code with the privileges of the user running the utility.
Tags: live lib tex based-buffer-overflow font-metrics red-hat-security
14:44
Red Hat Security Advisory 2012-0109-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0109-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.
Tags: hat red enterprise network-interface-card red-hat-security red-hat-enterprise
14:43
Debian Security Advisory 2409-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 2409-1 - Several vulnerabilities have been discovered in debdiff, a script used to compare two Debian packages, which is part of the devscripts package.
Tags: advisory debian security linux-security debian-linux debian-security
14:42
Red Hat Security Advisory 2012-0136-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0136-01 - The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent-and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of libvorbis should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
Tags: vorbis application ogg based-buffer-overflow red-hat-security proprietary-patent
10:22
FreePBX Credential Disclosure
» ‎ Packet Storm Security Recent Files

FreePBX suffers from a remote credential disclosure vulnerability via the web interface.
Tags: disclosure freepbx credential web-interface vulnerability
9:22
360-FAAR Firewall Analysis Audit And Repair
» ‎ Packet Storm Security Recent Files

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.
Tags: faar analysis firewall manipulation-tool dbedit logs
9:11
Adobe Shockwave Player Parsing block_cout Memory Corruption
» ‎ Packet Storm Security Recent Files

Adobe Shockwave Player versions 11.6.x.x suffer from a memory corruption vulnerability when parsing the field of KEY_ATOM of Director File.
Tags: shockwave player adobe director-file adobe-shockwave-player memory-corruption player-versions
8:22
Adobe Shockwave Player Parsing Heap Overflow
» ‎ Packet Storm Security Recent Files

Adobe Shockwave Player versions 11.6.x.x suffer from a parsing cupt atom heap overflow vulnerability.
Tags: shockwave player adobe adobe-shockwave-player overflow-vulnerability player-versions
6:44
Fink Project Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Fink Project suffers from a cross site scripting vulnerability.
Tags: cross fink project cross-site-scripting vulnerability
6:22
Grady Levkov Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Grady Levkov suffers from a cross site scripting vulnerability.
Tags: cross scripting site grady-levkov vulnerability
4:19
Besancon Groupe Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Besancon Groupe suffers from a cross site scripting vulnerability.
Tags: besancon cross groupe vulnerability
4:13
Firaxis Game SQL Injection
» ‎ Packet Storm Security Recent Files

Firaxis Game suffers from a remote SQL injection vulnerability.
Tags: game firaxis sql vulnerability
4:12
The Greenroof SQL Injection
» ‎ Packet Storm Security Recent Files

The Greenroof suffers from a remote SQL injection vulnerability.
Tags: injection greenroof sql vulnerability
4:11
Tube Ace Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Tube Ace, the adult PHP tube script, suffers from a cross site scripting vulnerability.
Tags: cross tube ace cross-site-scripting vulnerability
3:11
Xenon Web Services SQL Injection
» ‎ Packet Storm Security Recent Files

Xenon Web Services suffers from a remote SQL injection vulnerability.
Tags: web xenon sql vulnerability
February 14, 2012
16:10
Microsoft Security Bulletin Summary For February 2012
» ‎ Packet Storm Security Recent Files

This bulletin summary lists 9 Microsoft security bulletins released for February, 2012.
Tags: microsoft bulletin security microsoft-security-bulletin
16:07
Technical Cyber Security Alert 2012-45A
» ‎ Packet Storm Security Recent Files

Technical Cyber Security Alert 2012-45A - There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Silverlight, Office, and Microsoft Server Software. Microsoft has released updates to address these vulnerabilities.
Tags: microsoft technical cyber microsoft-server-software explorer-microsoft microsoft-net-framework
16:06
Mandriva Linux Security Advisory 2012-019
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2012-019 - tables/apr_hash.c in the Apache Portable Runtime library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash table. APR has been upgraded to the latest version which holds many improvements over the previous versions and is not vulnerable to this issue.
Tags: mandriva hash linux mandriva-linux hash-values hash-table
16:04
Chicago Tribune Cross Site Scripting
» ‎ Packet Storm Security Recent Files

The mobile.chicagotribune.com site suffers from a cross site scripting vulnerability.
Tags: tribune cross site chicago chicagotribune chicago-tribune vulnerability
15:59
Ubuntu Security Notice USN-1365-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1365-1 - It was discovered that Puppet would allow remote ralsh under certain circumstances. An attacker on an authenticated puppet node could exploit this to view or manipulate resources on other Puppet nodes.
Tags: ubuntu puppet security security-notice attacker
6:44
Sonexis ConferenceManager Information Disclosure
» ‎ Packet Storm Security Recent Files

Netragard, L.L.C Advisory - Sonexis ConferenceManager versions up to 10.x suffer from multiple information disclosure and lack of authentication vulnerabilities.
Tags:
February 13, 2012
16:44
AdSuck DNS Server 2.4.2
» ‎ Packet Storm Security Recent Files

Adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites such as ad servers, crawlers, etc. It can be used locally, for the road warrior, or on the network perimeter in order to protect local machines from malicious sites.
Tags: server adsuck dns network-perimeter dns-server road-warrior
16:39
Mandriva Linux Security Advisory 2012-018
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2012-018 - Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call.
Tags: mandriva-linux linux-security denial-of-service
16:38
Slackware Security Advisory - vsftpd Updates
» ‎ Packet Storm Security Recent Files

Slackware Security Advisory - New vsftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to work around a vulnerability in glibc.
Tags: advisory slackware security slackware-11 vulnerability
16:37
Slackware Security Advisory - proftpd Updates
» ‎ Packet Storm Security Recent Files

Slackware Security Advisory - New proftpd packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
Tags: advisory slackware security slackware-11 security-issues proftpd
16:36
Facebook View My Calendar SQL Injection
» ‎ Packet Storm Security Recent Files

Facebook View My Calendar suffers from a remote SQL injection vulnerability.
Tags: facebook calendar view vulnerability
16:34
Facebook Life Smile SQL Injection
» ‎ Packet Storm Security Recent Files

Facebook Life Smile suffers from a remote SQL injection vulnerability.
Tags: facebook smile life life-smile vulnerability
14:25
FASM AES Implementation 1.0
» ‎ Packet Storm Security Recent Files

This is an AES-128, AES-192 and AES-256 implementation for FASM. It uses the x86 32-bit instruction set and operates completely on the stack. No additional data segments are necessary which makes it easy to integrate the AES functions in any existing project. The implementation is not optimized for speed but for easy maintainability.
Tags: implementation fasm aes data-segments existing-project maintainability
14:24
Worstpreviews SQL Injection
» ‎ Packet Storm Security Recent Files

Worstpreviews suffers from a remote SQL injection vulnerability.
Tags: sql-injection worstpreviews vulnerability
14:13
EditWRX CMS Remote Code Execution
» ‎ Packet Storm Security Recent Files

EditWRX CMS suffers from a remote code execution vulnerability due to a mishandling of data passed to open().
Tags: code editwrx cms code-execution vulnerability
14:11
Skype 5.x.x Information Disclosure
» ‎ Packet Storm Security Recent Files

Even if a user has their security settings with no history enabled, Skype 5.x.x fails to securely remove chat messages stored in the sqlite3 database.
Tags: disclosure Skype information information-disclosure security-settings
14:09
Weibo.com Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Weibo.com suffers from a cross site scripting vulnerability.
Tags: cross weibo com cross-site-scripting vulnerability
14:08
Red Hat Security Advisory 2012-0126-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0126-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Tags: glibc red application based-buffer-overflow math-libraries red-hat-security
14:08
Red Hat Security Advisory 2012-0128-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0128-01 - The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
Tags: server http red uri apache-http-server red-hat-security reverse-proxy
14:07
Red Hat Security Advisory 2012-0125-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0125-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Tags: glibc red application based-buffer-overflow math-libraries red-hat-security
14:06
Red Hat Security Advisory 2012-0127-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0127-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. This update fixes several vulnerabilities in the MySQL database server. These updated packages upgrade MySQL to version 5.0.95.
Tags: server red mysql mysql-database-server red-hat-security server-daemon
13:16
Slackware Security Advisory - glibc Updates
» ‎ Packet Storm Security Recent Files

Slackware Security Advisory - New glibc packages are available for Slackware 13.1, 13.37, and -current to fix a security issue.
Tags: advisory slackware security security-issue
13:14
Slackware Security Advisory - php Updates
» ‎ Packet Storm Security Recent Files

Slackware Security Advisory - New php packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
Tags: advisory slackware security slackware-12 security-issues
13:12
Slackware Security Advisory - httpd Updates
» ‎ Packet Storm Security Recent Files

Slackware Security Advisory - New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. The apr-util package has also been updated to the latest version.
Tags: advisory slackware security slackware-12 security-issues
13:10
Ubuntu Security Notice USN-1359-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1359-1 - It was discovered that Tomcat incorrectly performed certain caching and recycling operations. A remote attacker could use this flaw to obtain read access to IP address and HTTP header information in certain cases. This issue only applied to Ubuntu 11.10. It was discovered that Tomcat computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. A remote attacker could cause a denial of service by sending many crafted parameters. Various other issues were also addressed.
Tags: ubuntu notice security hash-values denial-of-service security-notice
13:10
Ubuntu Security Notice USN-1364-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1364-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. Andy Whitcroft discovered a that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules (LSMs). A local user could exploit this to by-pass security policy and access files that should not be accessible. Various other issues were also addressed.
Tags: ubuntu notice security andy-whitcroft permission-checks security-modules linux-security
13:10
Ubuntu Security Notice USN-1363-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1363-1 - A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. Andy Whitcroft discovered a that the Overlayfs filesystem was not doing the extended permission checks needed by cgroups and Linux Security Modules (LSMs). A local user could exploit this to by-pass security policy and access files that should not be accessible. Various other issues were also addressed.
Tags: user ubuntu security andy-whitcroft programmable-interval-timer permission-checks security-modules
13:09
Debian Security Advisory 2408-1
» ‎ Packet Storm Security Recent Files

Debian Linux Security Advisory 2408-1 - Several vulnerabilities have been discovered in PHP, the web scripting language.
Tags: advisory debian security web-scripting-language linux-security debian-linux
13:09
Ubuntu Security Notice USN-1362-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1362-1 - Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. Various other issues were also addressed.
Tags: user ubuntu flaw wen-nienhuys programmable-interval-timer kernel-module denial-of-service
13:09
Ubuntu Security Notice USN-1361-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1361-1 - Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service. A flaw was found in KVM's Programmable Interval Timer (PIT). When a virtual interrupt control is not available a local user could use this to cause a denial of service by starting a timer. A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system. Various other issues were also addressed.
Tags: user ubuntu flaw wen-nienhuys programmable-interval-timer kernel-module denial-of-service
13:08
Ubuntu Security Notice USN-1358-2
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1358-2 - USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get() function. Various other issues were also addressed.
Tags: ubuntu notice security security-notice usn regression
13:07
Ubuntu Security Notice USN-1360-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1360-1 - Andrew McCreight and Olli Pettay discovered a use-after-free vulnerability in the XBL bindings. An attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox.
Tags: ubuntu notice security andrew-mccreight application-crash denial-of-service mccreight
February 12, 2012
18:36
Bluelog Bluetooth Scanner/Logger 1.0.2
» ‎ Packet Storm Security Recent Files

Bluelog is a Bluetooth scanner/logger written with speed in mind. It is intended to be used as a site survey tool, concerned more about accurately detecting the number of discoverable Bluetooth devices than individual device specifics. Bluelog also includes the unique "Bluelog Live" mode, which puts discovered devices into a constantly updating live webpage which you can serve up with your HTTP daemon of choice.
Tags: bluetooth scanner bluelog bluetooth-devices survey-tool site-survey
18:33
Kloxo LxCenter CP 6.1.10 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Kloxo LxCenter CP version 6.1.10 suffers from a cross site scripting vulnerability.
Tags: lxcenter cross kloxo version-6 vulnerability
18:30
Mandriva Linux Security Advisory 2012-017
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2012-017 - Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service or possibly execute arbitrary code.
Tags: mandriva security linux mandriva-linux linux-security denial-of-service
18:27
Zimbra Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Zimbra suffers from a cross site scripting vulnerability.
Tags: cross zimbra site vulnerability
18:26
Fork CMS 3.2.4 Cross Site Scripting / Local File Inclusion
» ‎ Packet Storm Security Recent Files

Fork CMS version 3.2.4 suffers from cross site scripting and local file inclusion vulnerabilities.
Tags: cross fork cms inclusion
8:37
Codetective Analysis Tool
» ‎ Packet Storm Security Recent Files

Codetective is a simple tool to determine the crypto/encoding algorithm used according to traces of its representation. Written in Python.
Tags: codetective analysis tool encoding-algorithm analysis-tool python
8:29
Wi-Fi Security With Wi-Fi Protection Plus
» ‎ Packet Storm Security Recent Files

Whitepaper called Wi-Fi Security with Wi-Fi Protection Plus. Wi-Fi P+ is a new security architecture proposed by the authors.
Tags: protection plus security new-security-architecture
8:28
PBBoard 2.1.4 Cross Site Request Forgery / Shell Upload
» ‎ Packet Storm Security Recent Files

PBBoard version 2.1.4 suffers from cross site request forgery and shell upload vulnerabilities.
Tags: cross pbboard site forgery shell
8:26
Razor CMS 1.2 File Disclosure
» ‎ Packet Storm Security Recent Files

Razor CMS version 1.2 suffers from multiple file disclosure vulnerabilities.
Tags: version razor cms multiple-file disclosure
8:02
eFront Community++ 3.6.10 SQL Injection
» ‎ Packet Storm Security Recent Files

eFront Community++ version 3.6.10 suffers from a remote SQL injection vulnerability.
Tags: efront sql Community vulnerability
7:59
Yahoo! Messenger 11.5 Buffer Overflow
» ‎ Packet Storm Security Recent Files

Yahoo! Messenger version 11.5 suffers from a buffer overflow vulnerability.
Tags: messenger buffer yahoo buffer-overflow-vulnerability messenger-version
7:54
Win32 Speaking Shellcode
» ‎ Packet Storm Security Recent Files

Win32 speaking shellcode that says "You are owned!" when injected into a process.
Tags: speaking shellcode win
February 10, 2012
22:20
Mandriva Linux Security Advisory 2012-016
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2012-016 - A File Inclusion vulnerability was discovered and corrected in GLPI. This advisory provides the latest version of GLPI that is not vulnerable to this issue.
Tags: mandriva security linux mandriva-linux linux-security security-advisory
22:19
OnxShop CMS 1.5.0 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

OnxShop CMS version 1.5.0 suffers from multiple cross site scripting vulnerabilities.
Tags: cross onxshop cms
22:16
Microsoft Security Bulletin Advance Notification For February 2012
» ‎ Packet Storm Security Recent Files

This is an advance notification of 9 security bulletins that Microsoft is intending to release on February 14, 2012.
Tags: advance microsoft security microsoft-security-bulletin-advance-notification microsoft-security-bulletin security-bulletins
22:14
CubeCart 3.0.20 Open Redirection
» ‎ Packet Storm Security Recent Files

CubeCart versions 3.0.20 and below suffer from an open URL redirection vulnerability.
Tags: cubecart open redirection url-redirection open-url vulnerability
22:13
D-Link DAP 1150 CSRF / XSS / Denial Of Service
» ‎ Packet Storm Security Recent Files

The D-Link DAP 1150 suffers from cross site request forgery, cross site scripting and denial of service vulnerabilities.
Tags: d-link dap denial denial-of-service cross-site-scripting
22:10
Zen-Cart 1.3.9h Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

Zen-Cart version 1.3.9h suffers from a cross site request forgery vulnerability.
Tags: cross cart site zen-cart forgery vulnerability
22:08
Astaro Security Gateway Whitelist Bypass
» ‎ Packet Storm Security Recent Files

The Astaro Security Gateway suffers from a whitelist bypass vulnerability due to a poorly formed regex.
Tags: gateway astaro security astaro-security-gateway vulnerability
22:05
Dolibarr CMS 3.2.0 Alpha SQL Injection
» ‎ Packet Storm Security Recent Files

Dolibarr CMS version 3.2.0 Alpha suffers from a remote SQL injection vulnerability.
Tags: injection cms dolibarr alpha-sql alpha sql-injection vulnerability
22:02
Dolibarr CMS 3.2.0 Alpha Local File Inclusion
» ‎ Packet Storm Security Recent Files

Dolibarr CMS version 3.2.0 Alpha suffers from multiple local file inclusion vulnerabilities.
Tags: alpha cms dolibarr inclusion
21:59
Pfile 1.02 Cross Site Scripting / SQL Injection
» ‎ Packet Storm Security Recent Files

Pfile version 1.02 suffers from cross site scripting and remote SQL injection vulnerabilities.
Tags: cross pfile site
21:58
Nova CMS Remote File Inclusion
» ‎ Packet Storm Security Recent Files

Nova CMS suffers from multiple remote file inclusion vulnerabilities.
Tags: inclusion file remote nova-cms cms
21:47
OpenSSH 5.9p1 Backdoor
» ‎ Packet Storm Security Recent Files

This is a patch for OpenSSH version 5.9p1 that adds a magic root password backdoor, logs usernames and passwords and keeps connections from being logged in wtmp, utmp, etc.
Tags: patch backdoor openssh usernames-and-passwords root-password logs
21:41
Kloxo LxCenter Server CP 6.1.10 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Kloxo LxCenter Server CP version 6.1.10 suffers from multiple cross site scripting vulnerabilities.
Tags: lxcenter server kloxo version-6
21:39
STHS v2 Web Portal 2.2 SQL Injection
» ‎ Packet Storm Security Recent Files

STHS v2 Web Portal version 2.2 suffers from a remote SQL injection vulnerability.
Tags: sths portal web web-portal vulnerability
21:38
MachForm 2.4 Remote File Inclusion
» ‎ Packet Storm Security Recent Files

MachForm version 2.4 suffers from multiple remote file inclusion vulnerabilities.
Tags: machform inclusion file
21:37
BASE 1.4.5 Remote File Inclusion / Shell Creation
» ‎ Packet Storm Security Recent Files

BASE version 1.4.5 suffers from multiple remote file inclusion vulnerabilities and a shell creation vulnerability.
Tags: inclusion file base shell-creation creation-vulnerability vulnerabilities
21:36
Gocart 1.0.2 Remote File Inclusion
» ‎ Packet Storm Security Recent Files

Gocart version 1.0.2 suffers from multiple remote file inclusion vulnerabilities.
Tags: inclusion gocart file
21:35
Indianapolis Superbowl 2012 SQL Injection
» ‎ Packet Storm Security Recent Files

The Indianapolis Superbowl 2012 website suffered from multiple remote SQL injection vulnerabilities.
Tags: injection superbowl sql indianapolis
21:32
GLPI 0.80.61 Local File Inclusion / Remote File Inclusion
» ‎ Packet Storm Security Recent Files

GLPI versions 0.80.61 and below suffer from local file inclusion and remote file inclusion vulnerabilities.
Tags: glpi inclusion file
21:31
BeWelcome Cross Site Scripting
» ‎ Packet Storm Security Recent Files

BeWelcome suffers from a cross site scripting vulnerability.
Tags: cross site bewelcome vulnerability
21:28
DotDotPwn - The Directory Traversal Fuzzer 3.0
» ‎ Packet Storm Security Recent Files

DotDotPwn is a very flexible intelligent fuzzer to discover directory traversal vulnerabilities in software such as Web/FTP/TFTP servers, Web platforms such as CMSs, ERPs,Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.
Tags: directory dotdotpwn traversal web-platforms tftp-servers independent-module
14:33
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet to the 6905/UDP port. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.
Tags: citrix provisioning windows remote-buffer-overflow udp-port provisioning-services
14:32
Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a vulnerability found in Adobe Flash Player's Flash10u.ocx component. When processing a MP4 file (specifically the Sequence Parameter Set), Flash will see if pic_order_cnt_type is equal to 1, which sets the num_ref_frames_in_pic_order_cnt_cycle field, and then blindly copies data in offset_for_ref_frame on the stack, which allows arbitrary remote code execution under the context of the user. Numerous reports also indicate that this vulnerability has been exploited in the wild. Please note that the exploit requires a SWF media player in order to trigger the bug, which currently isn't included in the framework. However, software such as Longtail SWF Player is free for non-commercial use, and is easily obtainable.
Tags: player order flash adobe-flash-player swf-player code-execution
14:31
NIELD (Network Interface Events Logging Daemon) 0.22
» ‎ Packet Storm Security Recent Files

Network Interface Events Logging Daemon is a tool that receives notifications from the kernel through the rtnetlink socket, and generates logs related to link state, neighbor cache (ARP,NDP), IP address (IPv4,IPv6), route, FIB rules.
Tags: network logging interface interface-events network-interface ndp
14:29
SMW+ 1.5.6 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

SMW+ version 1.5.6 suffers from a cross site scripting vulnerability.
Tags: cross smw site vulnerability
14:28
BackZtage CMS Shell Upload / SQL Injection
» ‎ Packet Storm Security Recent Files

BackZtage CMS suffers from shell upload and remote SQL injection vulnerabilities.
Tags: shell backztage cms sql-injection
14:28
KedaiScript Shell Upload
» ‎ Packet Storm Security Recent Files

KedaiScript suffers from a remote shell upload vulnerability.
Tags: kedaiscript upload shell remote-shell vulnerability
14:26
eFront Community++ 3.6.10 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

eFront Community++ version 3.6.10 suffers from cross site scripting vulnerabilities.
Tags: cross efront Community
14:22
PeerBlock 1.1 Denial Of Service
» ‎ Packet Storm Security Recent Files

PeerBlock version 1.1 blue screen of death denial of service exploit.
Tags: service peerblock denial denial-of-service blue-screen-of-death
14:21
Pluck CMS 4.7 Cross Site Request Forgery
» ‎ Packet Storm Security Recent Files

Pluck CMS version 4.7 suffers from multiple cross site request forgery vulnerabilities.
Tags: cross pluck cms forgery
14:20
Apache MyFaces Information Disclosure
» ‎ Packet Storm Security Recent Files

Apache MyFaces Core versions 2.0.1 to 2.0.11 and 2.1.0 to 2.1.5 suffer from a remote file disclosure vulnerability.
Tags: disclosure myfaces apache apache-myfaces information-disclosure vulnerability
14:18
Drupal 6.22 With Finder 6.x-1.9 Code Execution / Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Drupal version 6.22 with Finder version 6.x-1.9 suffers from code execution and cross site scripting vulnerabilities.
Tags: code finder drupal code-execution cross-site-scripting version-6
14:17
Mandriva Linux Security Advisory 2012-015
» ‎ Packet Storm Security Recent Files

Mandriva Linux Security Advisory 2012-015 - Multiple file parser and NULL pointer vulnerabilities including a RLC dissector buffer overflow was found and corrected in Wireshark. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.
Tags: mandriva security linux mandriva-linux null-pointer buffer-overflow
14:17
RabbitWiki Cross Site Scripting
» ‎ Packet Storm Security Recent Files

RabbitWiki suffers from a cross site scripting vulnerability.
Tags: cross rabbitwiki site vulnerability
14:15
OS X / x86 Port Binding Shellcode
» ‎ Packet Storm Security Recent Files

97 bytes small OS X / x86 shellcode that binds a shell to port 4444.
Tags: binding shellcode port port-4444 os-x-x86 os-x
14:14
ProWiki Cross Site Scripting
» ‎ Packet Storm Security Recent Files

ProWiki suffers from a cross site scripting vulnerability.
Tags: cross prowiki site vulnerability
14:13
Novell.com Local File Inclusion
» ‎ Packet Storm Security Recent Files

Novell.com suffers from a local file inclusion vulnerability.
Tags: novell file com vulnerability inclusion
14:12
Sysax Multi Server 5.52 Buffer Overflow
» ‎ Packet Storm Security Recent Files

Sysax Multi Server version 5.52 and below file rename buffer overflow exploit with egghunter shellcode that spawns a shell on port 4444.
Tags: server sysax multi port-4444 buffer-overflow shellcode
14:09
Creepy Geolocation Gathering Tool 0.1.95
» ‎ Packet Storm Security Recent Files

creepy is an application that allows you to gather geolocation related information about users from social networking platforms and image hosting services. The information is presented in a map inside the application where all the retrieved data is shown, accompanied with relevant information (i.e. what was posted from that specific location) to provide context to the presentation.
Tags: geolocation creepy information networking-platforms image-hosting-services social-networking
3:11
JetVideo 8.0.2 Basic Denial Of Service
» ‎ Packet Storm Security Recent Files

JetVideo version 8.0.2 basic crash exploit.
Tags: denial jetvideo basic denial-of-service crash
February 09, 2012
23:57
Yoono Desktop 1.8.16 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Yoono Desktop add-on version 1.8.16 suffers from a cross site scripting vulnerability.
Tags: desktop cross yoono vulnerability
23:55
Yoono Firefox 7.7.0 Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Yoono Firefox add-on version 7.7.0 suffers from a cross site scripting vulnerability.
Tags: cross yoono firefox vulnerability
23:46
Ubuntu Security Notice USN-1358-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1358-1 - It was discovered that PHP computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. This could allow a remote attacker to cause a denial of service by sending many crafted parameters. ATTENTION: this update changes previous PHP behavior by limiting the number of external input variables to 1000. This may be increased by adding a "max_input_vars" directive to the php.ini configuration file. See http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars for more information. Various other issues were also addressed.
Tags: ubuntu php security hash-values input-variables configuration-php
23:46
Red Hat Security Advisory 2012-0108-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0108-01 - JBoss Cache is the clustering backbone for data distribution in JBoss Enterprise Application Platform. It provides the backing implementation for web session replication, stateful session bean replication and entity caching. It was found that NonManagedConnectionFactory would log the username and password in plain text when an exception was thrown. This could lead to the exposure of authentication credentials if local users had permissions to read the log file. Warning: Before applying this update, back up your existing JBoss Enterprise Application Platform's "jboss-as/server/[PROFILE]/lib/jbosscache-core.jar" file.
Tags: jboss hat red jboss-enterprise-application-platform authentication-credentials red-hat-security
23:44
Ubuntu Security Notice USN-1357-1
» ‎ Packet Storm Security Recent Files

Ubuntu Security Notice 1357-1 - It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.
Tags: lts ubuntu curve adam-langley digital-signature-algorithm elliptic-curve curve-cryptography
23:43
Red Hat Security Advisory 2012-0107-01
» ‎ Packet Storm Security Recent Files

Red Hat Security Advisory 2012-0107-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Using the SG_IO ioctl to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access to the entire block device. Refer to Red Hat Knowledgebase article DOC-67874, linked to in the References, for further details about this issue.
Tags: hat red security kernel-packages red-hat-security linux-kernel

Skip to page: 1 2 3 ... 46

← Packet Storm Security Exploits Packet Storm Security Tools →

jetlib.sec » Packet Storm Security Recent Files

Feeds

Packet Storm Security Recent Files

Tags: implementation ipsec strongswan mac-os authentication-mechanisms ipsec-implementation exchange-protocols

Tags: cross livehelpnow chat cross-site-scripting vulnerability

Tags: forkcms cross site cross-site-scripting forgery

Tags: uploader shell wordpress vulnerability

Tags: oxwall cross site vulnerability

Tags: mercurycom router denial service-vulnerability denial-of-service http-headers

Tags: cross socialcms site

Tags: cross wizard cms vulnerability

Tags: wag cross site cisco-linksys adsl-router linksys-wag54gs forgery

Tags: cross p-chat site vulnerability

Tags: dns proxy dnschef network-traffic-analysis penetration-testers application-network

Tags: hat red libxml red-hat-security development-toolbox denial-of-service

Tags: server http red apache-http-server red-hat-security reverse-proxy

Tags: java hat red java-runtime-environment red-hat-security java-virtual-machine

Tags: cvs client red concurrent-version-system based-buffer-overflow cvs-client

Tags: gentoo security linux gentoo-linux-security code-versions security-advisory

Tags: advisory sudo red red-hat-security sudoers security-advisory

Tags: hat file red kernel-network red-hat-security mount-nfs

Tags: hat network red red-hat-network red-hat-security network-content

Tags: hat corruption red memory-corruption red-hat-security correct-memory

Tags: server unix samba server-message-block open-source-implementation samba-clients

Tags: hat red system ike red-hat-security system-scripts network-interfaces

Tags: advisory debian security buffer-overflows flexible-interface linux-security

Tags: hat red security network-interface-card red-hat-security privileged-guest

Tags: imagemagick hat red x-window imagemagick-utilities x-window-system red-hat-security

Tags: red cron security vixie-cron unix-daemon red-hat-security

Tags: library red application regular-expression-library c-standard-library invalid-pointer

Tags: luci conga red red-hat-security arbitrary-web administration-application

Tags: hat red security ziv-welch decompression-algorithm common-unix-printing lempel-ziv

Tags: open-source-implementation graphical-user-interfaces x-window-system

Tags: kvm red linux red-hat-security linux-kernel intel-64

Tags: group hat red network-authentication-system red-hat-security symmetric-encryption

Tags: kernel security linux kernel-packages red-hat-security linux-kernel

Tags: hat file red red-hat-security linux-package login-program

Tags: hat red busybox ziv red-hat-security system-failures

Tags: kernel kexec ssh target-server red-hat-security linux-kernel

Tags: cross dolphin site

Tags: cross oxwall site

Tags: cross xavi site cross-site-scripting forgery router

Tags: library gnu security application-programming-interface transport-layer-security communications-protocols

Tags: hat libpng red png-image-format based-buffer-overflow red-hat-security

Tags: ubuntu notice security denial-of-service ogg-files arbitrary-code

Tags: advisory debian security ogg-vorbis linux-security debian-linux

Tags: advisory debian security linux-security debian-linux debian-security

Tags: gentoo security linux gentoo-linux-security code-versions security-advisory

Tags: advisory debian security ogg-vorbis linux-security debian-linux

Tags: router adsl xavi service-vulnerability denial-of-service

Tags: cross scripting site frams file-exchange cross-site-scripting

Tags: injection denial sql elba denial-of-service information-disclosure

Tags: monitor api blade buffer-overflow-vulnerability serial-number

Tags: injection testlink sql vulnerability

Tags: machine sql joomla machine-component vulnerability

Tags: voxtronic voxlog professional code-execution professional-versions disclosure

Tags: buffer studio overflow based-buffer-overflow pls-file dj-studio

Tags: agentimage sql cms sql-injection vulnerability

Tags: engine builder search search-engine-builder cross-site-scripting vulnerability

Tags: cross scripting site frams file-exchange

Tags: redirection flipkart open vulnerability

Tags: cross site plumecms forgery vulnerability

Tags: cross syndeocms site forgery vulnerability

Tags: dsl-drga pirelli discus service-vulnerability denial-of-service

Tags: cross d-link site adsl-router forgery vulnerability

Tags: injection shlaspcms sql sql-injection vulnerability

Tags: conduit cross mobile vulnerability

Tags: injection webtriad sql sql-injection vulnerability

Tags: injection sict sql sql-injection vulnerability

Tags: cross jamroom site vulnerability

Tags: cross boomge search cross-site-scripting vulnerability

Tags: iranian mitra cms remote-shell

Tags: cross websitebaker site sp2 vulnerability http-referer

Tags: modeling threat cloud don usa presentation-slides owasp

Tags: modeling behavioral security usa presentation-slides owasp vulnerabilities

Tags: global trustwave security usa owasp security-report global-security