what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 53 RSS Feed

Files Date: 2011-09-28

Ubuntu Security Notice USN-1210-1
Posted Sep 28, 2011
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1210-1 - Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas discovered multiple memory vulnerabilities in the browser rendering engine. An attacker could use these to possibly execute arbitrary code with the privileges of the user invoking Firefox. Boris Zbarsky discovered that a frame named "location" could shadow the window.location object unless a script in a page grabbed a reference to the true object before the frame was created. This is in violation of the Same Origin Policy. A malicious website could possibly use this to access another website or the local file system. Various other issues were also addressed.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2996, CVE-2011-2999, CVE-2011-3000, CVE-2011-3001
SHA-256 | 7dbccee48a7450ce7c829e91fe6ad680a38feedc2ba421a2771127dad6690fd9
Mandriva Linux Security Advisory 2011-138
Posted Sep 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-138 - This advisory updates wireshark to the latest version (1.6.2), fixing several security issues. Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory. The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service via a malformed packet. Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service via a malformed capture file that leads to an invalid root tvbuff, related to a buffer exception handling vulnerability. The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service via a malformed packet. The updated packages have been upgraded to the latest 1.6.x version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, local, root, trojan
systems | linux, mandriva
advisories | CVE-2011-3360, CVE-2011-3482, CVE-2011-3483, CVE-2011-3484
SHA-256 | 1be2ff4344b88429c4b45236683821e4090a102fcfdcdb92236828617d266698
Mandriva Linux Security Advisory 2011-137
Posted Sep 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-137 - The elliptic curve cryptography subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation. crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8s and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages, which allows remote attackers to cause a denial of service via out-of-order messages that violate the TLS protocol.

tags | advisory, remote, denial of service, cryptography, protocol
systems | linux, mandriva
advisories | CVE-2011-1945, CVE-2011-3207, CVE-2011-3210
SHA-256 | 83fe8b76f3683d9eb0fcf02ef6b3ea18f900160bf76d8b38af1184c342723125
Mandriva Linux Security Advisory 2011-136
Posted Sep 28, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-136 - The elliptic curve cryptography subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-1945
SHA-256 | e3765f04fd3fa848a54e5b3241f978ebdaf604daafd27e5b928651631fa7179c
iDefense Security Advisory 09.26.11 - Novell Groupwise Memory Corruption
Posted Sep 28, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs weekly. Specifically, by using a negative integer for the BYWEEKNO property, it is possible to trigger a write operation beyond the bounds of an allocated heap buffer. This can lead to the corruption of memory, and the execution of arbitrary code.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2662
SHA-256 | c3a21b221a5ca43b424d4c87ecdc5132c8fd5e83be4966ed52bb847af74da8e6
iDefense Security Advisory 09.26.11 - Novell Groupwise Memory Corruption
Posted Sep 28, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs yearly. When adding a sequence of dates, it is possible to trigger an invalid array indexing vulnerability, and write beyond the bounds of a heap buffer. This can lead to the execution of arbitrary code. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2663
SHA-256 | e0e79989e42a8350fda243c95b2a87e6ecde82bbd0ea9bc0fb9a7e5eab17ade1
iDefense Security Advisory 09.26.11 - Novell Groupwise Heap Overflow
Posted Sep 28, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 09.26.11 - Remote exploitation of a heap overflow vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs on weekdays. A heap based buffer overflow can be triggered due to the lack of checks to ensure that there is enough space in the buffer to hold all of the RRULE entry data. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-4325
SHA-256 | 74cad0c15a570d196b3c7330c61160de1f4e97c9b98ebe52b30ebecc7523282c
FreeBSD Security Advisory - UNIX-domain Sockets Buffer Overflow
Posted Sep 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - When a UNIX-domain socket is attached to a location using the bind(2) system call, the length of the provided path is not validated. Later, when this address was returned via other system calls, it is copied into a fixed-length buffer. A local user can cause the FreeBSD kernel to panic. It may also be possible to execute code with elevated privileges ("gain root"), escape from a jail, or to bypass security mechanisms in other ways.

tags | advisory, kernel, local, root
systems | unix, freebsd
SHA-256 | 90c70fca348e56d74499aa09d49020d5bbfb6758cde3a0c5eb8220e687826572
FreeBSD Security Advisory - compress Boundary Checks
Posted Sep 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - The code used to decompress a file created by compress(1) does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted file.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2011-2895
SHA-256 | 56febab158d830afcb2df839a7a95ac3e1a7fab7a28a063e7e3fb77d6e868228
Hacking Your Droid
Posted Sep 28, 2011
Authored by Aditya Gupta

A whitepaper on the basics of Android and reverse engineering of Android applications.

tags | paper
SHA-256 | 3a7c611870da5531d81c577fdf35fe9dc0af53466f037facf67b7aa647b36b60
Cisco Security Advisory 20110928-ipsla
Posted Sep 28, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS IP Service Level Agreement (IP SLA) feature contains a denial of service (DoS) vulnerability. The vulnerability is triggered when malformed UDP packets are sent to a vulnerable device. The vulnerable UDP port numbers depend on the device configuration. Default ports are not used for the vulnerable UDP IP SLA operation or for the UDP responder ports. Cisco has released free software updates that address this vulnerability.

tags | advisory, denial of service, udp
systems | cisco
advisories | CVE-2011-3272
SHA-256 | 8afb0a933ae726a37083974b6edfb4286fe02ce52c35a4f68e9a52527e931a5d
Cisco Security Advisory 20110928-smart-install
Posted Sep 28, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability exists in the Smart Install feature of Cisco Catalyst Switches running Cisco IOS Software that could allow an unauthenticated, remote attacker to perform remote code execution on the affected device. Cisco has released free software updates that address this vulnerability. There are no workarounds available to mitigate this vulnerability other than disabling the Smart Install feature.

tags | advisory, remote, code execution
systems | cisco
advisories | CVE-2011-3271
SHA-256 | 30ed0013cb4d5700a0c23989105d6c2f67a01ac48fda81f2c50cd3b61cff7904
Cisco Security Advisory 20110928-zbfw
Posted Sep 28, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco IOS Software contains two vulnerabilities related to Cisco IOS Intrusion Prevention System (IPS) and Cisco IOS Zone-Based Firewall features.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2011-3273, CVE-2011-3281
SHA-256 | 9e20f1f90416b651deeab8b2cf059be0432ae5c35145f7039e3a54ff50f68bbc
Cisco Security Advisory 20110928-xcpcupsxml
Posted Sep 28, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A denial of service (DoS) vulnerability exists in Jabber Extensible Communications Platform (Jabber XCP) and Cisco Unified Presence. An unauthenticated, remote attacker could exploit this vulnerability by sending malicious XML to an affected server. Successful exploitation of this vulnerability could cause elevated memory and CPU utilization, resulting in memory exhaustion and process crashes. Repeated exploitation could result in a sustained DoS condition. There are no workarounds available to mitigate exploitation of this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
advisories | CVE-2011-3287, CVE-2011-3288
SHA-256 | a1d9dd0dc2a21a545fe286133f4295ddebf8ededd7568b3f907daf79a585397e
Cisco Security Advisory 20110928-cucm
Posted Sep 28, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco Unified Communications Manager contains a memory leak vulnerability that could be triggered through the processing of malformed Session Initiation Protocol (SIP) messages. Exploitation of this vulnerability could cause an interruption of voice services. Cisco has released free software updates for supported Cisco Unified Communications Manager versions to address the vulnerability. A workaround exists for this SIP vulnerability.

tags | advisory, protocol, memory leak
systems | cisco
advisories | CVE-2011-2072
SHA-256 | a5f1927958aa4c1612f94d0917d625ae14208a68fe421f75813a8f60c2bc9f7e
Cisco Security Advisory 20110928-sip
Posted Sep 28, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device or trigger memory leaks that may result in system instabilities. Affected devices would need to be configured to process SIP messages for these vulnerabilities to be exploitable. Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.

tags | advisory, remote, vulnerability, protocol, memory leak
systems | cisco, osx
advisories | CVE-2011-0939, CVE-2011-2072, CVE-2011-3275
SHA-256 | 3e5c649daea98f2fca96808c0596078230f8dd81427f67c139229f5446d49360
PcVue 10.0 Code Execution / Overflow
Posted Sep 28, 2011
Authored by Luigi Auriemma | Site aluigi.altervista.org

PcVue versions 10.0 and below suffer from code execution, file corruption, and an array overflow.

tags | exploit, overflow, code execution
systems | linux
SHA-256 | 2b492fc5f7687d09c964607ba7f43df83758c2deffbd132dac6f74f247ee0d92
Traq 2.2 Cross Site Scripting / SQL Injection
Posted Sep 28, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

Traq version 2.2 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 22668c0c2e29e4f3d963fd3af1239678b004998c24ca0e5ea0fa0821bc184a72
Novell GroupWise Calendar BYWEEKNO Memory Corruption
Posted Sep 28, 2011
Authored by Alexandre Pelletier, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "ICalProcessYearlyRule()" function within the "gwwww1.dll" component when processing a malformed "BYWEEKNO" property in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.

tags | advisory, remote, overflow
SHA-256 | db76992fc18da1157668a6a0332cdb40c29764ed690037608ce8caa1dc451bd4
Novell GroupWise Calendar integerList Buffer Overflow
Posted Sep 28, 2011
Authored by Sebastien Renaud, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Novell GroupWise. The vulnerability is caused by a buffer overflow error in the "NgwIRecurParam::integerList()" function within the "gwwww1.dll" component when processing a malformed "RRULE" integer list in a Calendar, which could be exploited by remote unauthenticated attackers to compromise a vulnerable server via a specially crafted email message. Versions 8.0.2 SP2 Hot Patch 2 and below are affected.

tags | advisory, remote, overflow
SHA-256 | d697fda1f2bceeef87278e911dee69649d6ee0b25eb8e452101f1275579c8d3a
FreeBSD Security Advisory - named Denial Of Service
Posted Sep 28, 2011
Site security.freebsd.org

FreeBSD Security Advisory - A logic error in the BIND code causes the BIND daemon to accept bogus data, which could cause the daemon to crash.

tags | advisory
systems | freebsd
advisories | CVE-2011-2464
SHA-256 | c21e64c2f2aa94b36262f7c921be33cd4195b26c049f52e436c3a4f598e601bf
Redmind Online-Shop / E-Commerce System SQL Injection
Posted Sep 28, 2011
Authored by Mbah Semar

Redmind Online Shop / E-Commerce System suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9877e42fe4ffb7c121a402e750e53812c641b531acd65aa7ab1c034bbeefc9bf
Jarida 1.0 SQL Injection
Posted Sep 28, 2011
Authored by Ptrace Security

Jarida version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 6e69a004b6c0c2fc4f4ba41279ce2c180e6ce87f14cddbda91162dd39ae19510
WordPress Mingle Forum 1.0.31 SQL Injection
Posted Sep 28, 2011
Authored by Miroslav Stampar

WordPress Mingle Forum plugin versions 1.0.31 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | c654afe3a55693ffb3374390dd876112a0eb7f3eeba8ef92d756f940cf428205
Cisco Security Advisory 20110928-nat
Posted Sep 28, 2011
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Cisco IOS Software network address translation (NAT) feature contains multiple denial of service (DoS) vulnerabilities in the translation of multiple protocols. Cisco has released free software updates that address these vulnerabilities.

tags | advisory, denial of service, vulnerability, protocol
systems | cisco
advisories | CVE-2011-0946, CVE-2011-3276, CVE-2011-3277, CVE-2011-3278, CVE-2011-3279, CVE-2011-3280
SHA-256 | e071e8cf0c9a04c74dd457a5df6b6f75145eca329e618d38d8ba34088be76e8f
Page 1 of 3
Back123Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close