Showing 1 - 25 of 59

Files Date: 2011-11-09

Ubuntu Security Notice USN-1256-1
Posted Nov 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1256-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1478, CVE-2011-1479, CVE-2011-1493, CVE-2011-1573, CVE-2011-1576, CVE-2011-1577, CVE-2011-1581, CVE-2011-1585, CVE-2011-1767, CVE-2011-1768, CVE-2011-1771, CVE-2011-1776, CVE-2011-1833, CVE-2011-2183, CVE-2011-2213, CVE-2011-2479, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2493, CVE-2011-2494
SHA-256 | 065ea3de04cbda6ba2f070db62f0f0ff03f73b678f1a9b1d73799d5e8bba15ab
AbsoluteFTP 2.2.10 Buffer Overflow
Posted Nov 9, 2011
Authored by Node

AbsoluteFTP versions 1.9.6 through 2.2.10 remote buffer overflow exploit that leverages LIST.

tags | exploit, remote, overflow
SHA-256 | 872f01e2a854cf7a032dcfdef483fd45566641df3e165e3e32f59442959ff147
Aviosoft Digital TV Player Professional 1.x Buffer Overflow
Posted Nov 9, 2011
Authored by modpr0be

Aviosoft Digital TV Player Professional version 1.x stack buffer overflow exploit that spawns calc.exe.

tags | exploit, overflow
SHA-256 | dcacb9fec63a2e9898a6a4280beea67758dc693f42d4b3d3c4f4a587825aa14b
Debian Security Advisory 2342-1
Posted Nov 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2342-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
SHA-256 | 63e0e431eb37b31df98004322a486fab6463bbe6ef79e7408f1c33151d3c507e
WebDirector SQL Injection / Administrative Bypass
Posted Nov 9, 2011
Authored by DoZ

WebDirector suffers from administrative bypass and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 719b9c1df0e82a264cec5e497c0b149dae5c0c1056c391bea6818f92188217bd
Apple Security Advisory 2011-11-08-1
Posted Nov 9, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-11-08-1 - Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29.

tags | advisory, java, web, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3545, CVE-2011-3546, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560, CVE-2011-3561
SHA-256 | 7891543823b833ae64a36fc0bb4cf85c02278847d9d14c98f62da407a82c2326
Debian Security Advisory 2341-1
Posted Nov 9, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2341-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2011-3647, CVE-2011-3648, CVE-2011-3650
SHA-256 | 49b2ea2e13f12ea813f648bf11745925bbb71815068774b168927da6c8cffce5
Cisco Security Advisory 20111109-telepresence-c-ex-serie
Posted Nov 9, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Software that runs on Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices was updated to include secure default configurations beginning with the TC4.0 release. This change was accompanied by the release of Cisco Security Advisory cisco-sa-20110202-tandberg. Due to a manufacturing error, Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices that were distributed between November 18th, 2010 and September 19th, 2011 may have the root account enabled. Information on how to identify affected devices is available in the Details section of this advisory. Information on how to remediate this issue is available in the Workarounds section of this advisory.

tags | advisory, root
systems | cisco
SHA-256 | 29725f918f2e90e18a092a05d00bd56e61df7a178f50f6781b4b8e40bbff7374
VtigerCRM 5.2.1 Local File Inclusion
Posted Nov 9, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

VtigerCRM version 5.2.1 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | 003555ea45a9fdbed681bd06acaa02897eb02bb975506e0998fe3151aaf00c4a
Mandriva Linux Security Advisory 2011-168
Posted Nov 9, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-168 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request. The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.

tags | advisory, remote, web, denial of service
systems | linux, mandriva
advisories | CVE-2011-3348, CVE-2011-3192
SHA-256 | 5845916851f0b3755bcd79bb959415df4c03565cfb80d7815ae350490adc18fb
Ubuntu Security Notice USN-1255-1
Posted Nov 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1255-1 - Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. It was discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915
SHA-256 | 09897dc544161b3ede6fcf4986c67a81739df97dffc0af6a6cfd30a3f2d47b0f
AShop 5.1.3 Cross Site Scripting / Open Redirect
Posted Nov 9, 2011
Authored by Stefan Schurtz

AShop version 5.1.3 suffers from cross site scripting and open redirect vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0ab892b748573621ed77cdb1dec10b686d9a041f8d2e674dfe081fea2f6dcdf1
Dolibarr 3.1.0 Cross Site Scripting
Posted Nov 9, 2011
Authored by Stefan Schurtz

Dolibarr version 3.1.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 73f62c78744b3f8b4d9c6c84e33979de78be6f662baa3b6b6eae31a30ae282d3
Red Hat Security Advisory 2011-1444-01
Posted Nov 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1444-01 - Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.

tags | advisory, web
systems | linux, redhat
SHA-256 | ca83c6f7cf131448d6882eabded7573a909ac43661be5472206d2d7cb7ce1746
LabWiki 1.1 Cross Site Scripting / Shell Upload
Posted Nov 9, 2011
Authored by muuratsalo

LabWiki versions 1.1 and below suffer from cross site scripting and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, xss
SHA-256 | 15a8cb3effbbc1b150b12c56fce6ab784d8f3a93df467df3afe18b0ea7f86c6a
Adobe Shockwave Player Denial Of Service
Posted Nov 9, 2011
Authored by Code Audit Labs | Site vulnhunt.com

Code Audit Labs has discovered that Adobe Shockwave Player suffers from a director file parsing denial of service vulnerability.

tags | advisory, denial of service
advisories | CVE-2011-2448
SHA-256 | a6ce6c08710b2be298adcfee6425607f99829e28a0c0ff7cc5af4dcdc68dc795
Adobe Shockwave Player Memory Corruption
Posted Nov 9, 2011
Authored by Code Audit Labs | Site vulnhunt.com

Code Audit Labs has discovered that Adobe Shockwave Player suffers from a director file PAMM memory corruption vulnerability.

tags | advisory
advisories | CVE-2011-2446
SHA-256 | 8fa0331e11caebc74f418fca888a60b9a5de00d45ee773bf9557006f4fd13e66
Red Hat Security Advisory 2011-1441-01
Posted Nov 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1441-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy. All IcedTea-Web users should upgrade to these updated packages, which upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2011-3377
SHA-256 | e475f500757b9400cbbd2125fc824c4792f4fcdfd60fd5d87492b02b1589069b
Red Hat Security Advisory 2011-1440-01
Posted Nov 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1440-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A cross-site scripting flaw was found in the way SeaMonkey handled certain multibyte character sets. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.

tags | advisory, web, javascript, xss
systems | linux, redhat
advisories | CVE-2011-3648
SHA-256 | be943c91e86570f5afdd3ff9f206a5e3daeeed4880fe0df663aa87a0cc2bf88c
EIN-SOF SQL Injection
Posted Nov 9, 2011
Authored by 3spi0n

Sites designed by EIN-SOF suffer from remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | a3ee2b64cb7dc4b79d377c01fbe231c0129a6b326c1bc6dd2c179638f76eb9e0
Microsoft Security Bulletin Re-Release For November, 2011
Posted Nov 9, 2011
Site microsoft.com

This is a notification from Microsoft that MS11-037, MS11-JUN, and MS11-071 have undergone major revision increments.

tags | advisory
SHA-256 | 815b6754899af8206bd2ff41adffaa055ba6d8abd0e39ff9ff97446ad9074860
Adobe Shockwave Player TextXtra.x32 Memory Corruption
Posted Nov 9, 2011
Authored by Core Security Technologies, Pablo Santamaria | Site coresecurity.com

Core Security Technologies Advisory - A memory corruption vulnerability in Adobe Shockwave Player can be leveraged to execute arbitrary code on vulnerable systems by enticing users to visit a malicious web site with a specially crafted .dir file. This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.

tags | advisory, remote, web, arbitrary
advisories | CVE-2011-2447
SHA-256 | 695649c7d963064d7f163ac945a29aca4d694e1c7ff52a09ee8e2a7a93377531
Technical Cyber Security Alert 2011-312A
Posted Nov 9, 2011
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2011-312A - There are multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
systems | windows
SHA-256 | 81ac98d2afaadbbaa9288b675a0479d88d9b743c1a79f5f972982ccbe9c5b0d4
Ubuntu Security Notice USN-1253-1
Posted Nov 9, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1253-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-1576, CVE-2011-1833, CVE-2011-2494, CVE-2011-2495, CVE-2011-2497, CVE-2011-2695, CVE-2011-2699, CVE-2011-2905, CVE-2011-2928, CVE-2011-3188, CVE-2011-3191
SHA-256 | 500dc3b4a945636f97bf2e47879fe76c35bb56044546ce1c830a4bcfd79e5365
Microsoft Security Bulletin Notification For November
Posted Nov 9, 2011
Site microsoft.com

This bulletin summary lists 4 Microsoft security bulletins released for November, 2011.

tags | advisory
SHA-256 | bed40aa96f50cbe6e979d8ac1028836a3e003551bb30a58821c831e5c03b2999