what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 36 RSS Feed

Files Date: 2011-12-06

Debian Security Advisory 2359-1
Posted Dec 6, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2359-1 - It was discovered that Mojarra, an implementation of JavaServer Faces, evaluates untrusted values as EL expressions if includeViewParameters is set to true.

tags | advisory
systems | linux, debian
advisories | CVE-2011-4358
SHA-256 | 0e5bf51ca44b6f7e187052037f792c15ea68a6d17dae41a04935fd68c0e2d375
Red Hat Security Advisory 2011-1635-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1635-03 - The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch decompression algorithm implementation used by the CUPS GIF image format reader. An attacker could create a malicious GIF image file that, when printed, could possibly cause CUPS to crash or, potentially, execute arbitrary code with the privileges of the "lp" user.

tags | advisory, overflow, arbitrary
systems | linux, redhat, unix
advisories | CVE-2011-2896
SHA-256 | fe5f2da378d6df165af1406df4d08d0fd5b4ea9f6d02822b8213d9c409c860c9
WebIndia Hosting Cross Site Scripting / SQL Injection
Posted Dec 6, 2011
Authored by 3spi0n

WebIndia Hosting suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | c2d539837c5d45e4f31332e145f4d666606789acf6bc6052bc9ebd5f81cc5c16
Red Hat Security Advisory 2011-1615-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1615-03 - virt-v2v is a tool for converting and importing virtual machines to libvirt-managed KVM, or Red Hat Enterprise Virtualization. Using virt-v2v to convert a guest that has a password-protected VNC console to a KVM guest removed that password protection from the converted guest: after conversion, a password was not required to access the converted guest's VNC console. Now, converted guests will require the same VNC console password as the original guest. Note that when converting a guest to run on Red Hat Enterprise Virtualization, virt-v2v will display a warning that VNC passwords are not supported.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-1773
SHA-256 | 4cfafc694f99791c85631f43a8bc9cc2ffa82ea42b18afb9e0a4a2bcc179f193
HP Security Bulletin HPSBMU02726 SSRT100685 2
Posted Dec 6, 2011
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02726 SSRT100685 2 - A potential security vulnerability has been identified with HP Operations Agent and Performance Agent for AIX, HP-UX, Linux, and Solaris. The vulnerability could be locally exploited to gain unauthorized access to a directory. Revision 2 of this advisory.

tags | advisory
systems | linux, solaris, aix, hpux
advisories | CVE-2011-4160
SHA-256 | e3b77030422b1ae26708b2862a059cf1daa398e2be964d4cf66e62d570f8001b
Red Hat Security Advisory 2011-1581-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1581-03 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that Ruby did not reinitialize the PRNG after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes. A flaw was found in the Ruby SecureRandom module. When using the SecureRandom.random_bytes class, the PRNG state was not modified after forking a child process. This could eventually lead to SecureRandom.random_bytes returning the same string more than once. An attacker keeping track of the strings returned by one child process could use this flaw to predict the strings SecureRandom.random_bytes would return in other child processes.

tags | advisory, ruby
systems | linux, redhat
advisories | CVE-2011-2705, CVE-2011-3009
SHA-256 | 766668de266f9a5e422759c80977180b1e7d1da61b84b183a2a86e73c010afd6
Red Hat Security Advisory 2011-1580-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1580-03 - The resource-agents package contains a set of scripts to interface with several services to operate in a High Availability environment for both Pacemaker and rgmanager service managers. It was discovered that certain resource agent scripts set the LD_LIBRARY_PATH environment variable to an insecure value containing empty path elements. A local user able to trick a user running those scripts to run them while working from an attacker-writable directory could use this flaw to escalate their privileges via a specially-crafted dynamic library.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2010-3389
SHA-256 | 76b9d260e2212ac0676410bf96ddadbac1b1f6a01a5448c80f8bb5634a12d824
Red Hat Security Advisory 2011-1536-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1536-03 - Sos is a set of tools that gather information about system hardware and configuration. The sosreport utility incorrectly included Certificate-based Red Hat Network private entitlement keys in the resulting archive of debugging information. An attacker able to access the archive could use the keys to access Red Hat Network content available to the host. This issue did not affect users of Red Hat Network Classic. This updated sos package also includes numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory.

tags | advisory
systems | linux, redhat
advisories | CVE-2011-4083
SHA-256 | 319511f57bf9b34678128a47e155a02243a2e0a00b701e9326eb7f88f9dfcfd7
Red Hat Security Advisory 2011-1534-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1534-03 - The nfs-utils packages provide a daemon for the kernel Network File System server, and related tools such as the mount.nfs, umount.nfs, and showmount programs. A flaw was found in the way nfs-utils performed IP based authentication of mount requests. In configurations where a directory was exported to a group of systems using a DNS wildcard or NIS netgroup, an attacker could possibly gain access to other directories exported to a specific host or subnet, bypassing intended access restrictions.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2011-1749, CVE-2011-2500
SHA-256 | 9b129da860f95d764c403043ebfdc653e1db519628a3bbf478c5ea0b24ac8cc4
Red Hat Security Advisory 2011-1533-04
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1533-04 - Red Hat Identity Management is a centralized authentication, identity management and authorization solution for both traditional and cloud based enterprise environments. It integrates components of the Red Hat Directory Server, MIT Kerberos, Red Hat Certificate System, NTP and DNS. It provides web browser and command-line interfaces. Its administration tools allow an administrator to quickly install, set up, and administer a group of domain controllers to meet the authentication and identity management requirements of large scale Linux and UNIX deployments. A Cross-Site Request Forgery flaw was found in Red Hat Identity Management. If a remote attacker could trick a user, who was logged into the management web interface, into visiting a specially-crafted URL, the attacker could perform Red Hat Identity Management configuration changes with the privileges of the logged in user.

tags | advisory, remote, web, csrf
systems | linux, redhat, unix
advisories | CVE-2011-3636
SHA-256 | 0e823f1a2ae89e3334938c90bcec4ce2eb598bf36bbbf703ea7582c3e523706c
Red Hat Security Advisory 2011-1532-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1532-03 - Kexec allows for booting a Linux kernel from the context of an already running kernel. Kdump used the SSH "StrictHostKeyChecking=no" option when dumping to SSH targets, causing the target kdump server's SSH host key not to be checked. This could make it easier for a man-in-the-middle attacker on the local network to impersonate the kdump SSH target server and possibly gain access to sensitive information in the vmcore dumps. mkdumprd created initrd files with world-readable permissions. A local user could possibly use this flaw to gain access to sensitive information, such as the private SSH key used to authenticate to a remote server when kdump was configured to dump to an SSH target.

tags | advisory, remote, kernel, local
systems | linux, redhat
advisories | CVE-2011-3588, CVE-2011-3589, CVE-2011-3590
SHA-256 | 7edcdcb7d3b2a7e1c5773868285783715345a11be979edfe68066b0d7a413c8c
Red Hat Security Advisory 2011-1531-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1531-03 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line with the "-runas" option. A qemu-kvm process started this way could use this flaw to gain access to files on the host that are accessible to the supplementary groups and not accessible to the primary group.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2011-2527
SHA-256 | 16923c194b532ddc6c8d7a2dcc4465a1625af19775eb04b43ffaf4553809d229
Red Hat Security Advisory 2011-1530-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1530-03 - The kernel packages contain the Linux kernel, the core of any Linux operating system. The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. Non-member VLAN packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2011-1020, CVE-2011-3347, CVE-2011-3638, CVE-2011-4110
SHA-256 | 0ea0d8d1bd62a748fefde36e3fb68a6860a5459a3012b4b4223b673f37abf7b8
Red Hat Security Advisory 2011-1526-03
Posted Dec 6, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1526-03 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd. It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file.

tags | advisory, arbitrary, local, code execution
systems | linux, redhat
advisories | CVE-2009-5064, CVE-2011-1089
SHA-256 | 8fcb821effd2130157bef6f3b9ef23b06ccb0069c78542c7e2046126393556b5
WordPress Pretty Link 1.5.2 Cross Site Scripting
Posted Dec 6, 2011
Authored by Am!r | Site irist.ir

WordPress Pretty Link plugin version 1.5.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 83307ac43a7caabbcb70c0af07c51412f9682fd79f7a75337f6ad274f9b5747e
SMF Portal 1.1.15 Shell Upload
Posted Dec 6, 2011
Authored by HELLBOY

SMF Portal version 1.1.15 suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | 78c8044fefabad72132f022d457ae6c0d678948a27156f141f450bb37613fbfc
EPractize Labs Backdoor
Posted Dec 6, 2011
Authored by Jan van Niekerk

EPractize Labs spamming software appears to have a file write backdoor.

tags | exploit
SHA-256 | 8838e9546b81ee8f81053596ed558c554ca8961c81dcf5402ccfd386d23ea503
Web Backdoors - Attack, Evasion And Detection
Posted Dec 6, 2011
Authored by FB1H2S

Whitepaper called Web Backdoors - Attack, Evasion and Detection. This paper provides insight on common web back doors and how simple manipulations could make them undetectable by AV and other security suits. It explains a few techniques that could be used to render undetectable and unnoticed backdoors inside web applications.

tags | paper, web
SHA-256 | b1a5cd53ac0ba93fa6ae8a95e647a33652ee817065946819d8fc813efa6fdce6
AlstraSoft EPay Enterprise 4.0 SQL Injection
Posted Dec 6, 2011
Authored by Don from BalcanCrew

AlstraSoft EPay Enterprise version 4.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 745883b54cf35eb9a6ff37a0e2b066386de511bfab315dfe1540bfe765e96982
Five Star Review Remote SQL Injection
Posted Dec 6, 2011
Authored by EthicalPractice

Five Star Review suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | e83b9c8d6762064692816070fcdd575675e49ea9d3206f90e9142e19decd38aa
PHP Calendars SQL Injection
Posted Dec 6, 2011
Authored by Mr.MLL

PHP Calendars suffers from a remote SQL injection vulnerability in eventdisplay.php.

tags | exploit, remote, php, sql injection
SHA-256 | 6dbc3c89fc5ecc6c8a971227682ff2f6c10804afee2c3c1be7410020919b7f94
Secunia Security Advisory 47090
Posted Dec 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | b7e3c73b4747b16d1e461e4bd792a1a83ac6f9e5e04c6389223ab2b30357dae6
Secunia Security Advisory 47072
Posted Dec 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in EPractize Labs Subscription Manager, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
SHA-256 | fcb92a958f7e825def7a96fd008976c9e602223cf374b2f8f965bdb0ba877ce0
Secunia Security Advisory 47127
Posted Dec 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in Google Chrome, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | bc043b460e9b8b5fa7973713f296f437064f8e0bab69477ed0c25ff9ff68f597
Secunia Security Advisory 47128
Posted Dec 6, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness has been discovered in Opera, which can be exploited by malicious people to disclose sensitive information.

tags | advisory
SHA-256 | 52f45dc0f74460d671cf526d7dee71f947ac25bab78b04514f5472be968c94a4
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close