what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 55 RSS Feed

Files Date: 2012-03-07

Drupal Block Class 7.x Cross Site Scripting
Posted Mar 7, 2012
Authored by Katherine Senzee | Site drupal.org

The Drupal block class module allows users to add classes to any block through the block's configuration interface The class names in a block were not properly filtered. Someone with the ability to modify or create blocks could inject java script that would be rendered when viewing the block. Blockclass versions prior to 7.x-1.0 are affected.

tags | advisory, java
SHA-256 | ec7bd4f2b0130760b1ad706dd01c6bc46328b023aed6daade7ba77de5c659f50
Drupal UC PayDutchGroup / WeDeal Payment / Multisite Search Disclosure
Posted Mar 7, 2012
Authored by Justin C. Klein Keane, Rolf Meijer | Site drupal.org

UC PayDutchGroup / WeDeal payment integrates the PayDutchGroup / WeDeal payment gateway with Ubercart. The module exposes account credentials for the store's PayDutchGroup account under certain circumstances allowing a malicious user to login to the PayDutchGroup site as the store owner and manage the store owner's account. The vulnerability is mitigated by an attacker needing to gain an account with the ability to checkout of the store. Multisite Search allows you to index and search content from all sites in a Multisite configuration. The module doesn't sufficiently escape user input when constructing queries. The vulnerability is mitigated by the fact that in order to execute arbitrary sql injection malicious users must have the ability to administer multisite search.

tags | advisory, arbitrary, sql injection
SHA-256 | 821d0c201eeac6fac0f5db639e8b855cdeb11ae6a13a35cc6a819fb54a37c7ce
Drupal Data 6.x-1.x Cross Site Scripting
Posted Mar 7, 2012
Authored by Justin C. Klein Keane | Site drupal.org

The Drupal Data module 6.x-1.x versions prior to 6.x-1.0 suffer from a cross site scripting vulnerability.

tags | advisory, xss
SHA-256 | 70f531879deaaf37ddbaa94bb6cc139601124e7c2ba8a519650348b97938972d
HP Security Bulletin HPSBMU02744 SSRT100776
Posted Mar 7, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02744 SSRT100776 - A potential security vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, windows, solaris, hpux
advisories | CVE-2007-1858
SHA-256 | 7549abbd3e80b07c88f193c27b27cefcc9001254fe6fbd1bcebd72f3f03fe097
HP Security Bulletin HPSBUX02741 SSRT100728 2
Posted Mar 7, 2012
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02741 SSRT100728 2 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass. The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 2 of this advisory.

tags | advisory, web, denial of service, vulnerability
systems | hpux
advisories | CVE-2006-7243, CVE-2011-4858, CVE-2011-4885, CVE-2012-0022
SHA-256 | 55cdfcc13a7fe14d92fa9c28027368bdaa391209c80e57fec15c56acf2bdeff9
Fork CMS 3.2.5 Cross Site Scripting
Posted Mar 7, 2012
Authored by High-Tech Bridge SA | Site htbridge.com

Fork CMS version 3.2.5 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2012-1188
SHA-256 | 4b99695b62c24efb77d8225aa71a461fe8e4406fe345a819d426c1d12da808be
XCon 2012 XFocus Call For Papers
Posted Mar 7, 2012
Site xcon.xfocus.net

Call For Papers for XCon 2012. This conference will take place from August 14th through the 16th, 2012 in Beijing, China.

tags | paper, conference
SHA-256 | 45bdc46d0347c62dd83cbbf9a35e84518e9aa61dc4dc344a96efe7beaa3e0161
Iciniti Store 4.3.3683.31484 SQL Injection
Posted Mar 7, 2012
Site senseofsecurity.com.au

Iciniti Store version 4.3.3683.31484 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 468555f310e3babc2bec1e782bf7364b99eadd7c132f25fc01ef86f9aef13b79
Ubuntu Security Notice USN-1394-1
Posted Mar 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1394-1 - Aristide Fattori and Roberto Paleari reported a flaw in the Linux kernel's handling of IPv4 icmp packets. A remote user could exploit this to cause a denial of service. Vegard Nossum discovered a leak in the kernel's inotify_init() system call. A local, unprivileged user could exploit this to cause a denial of service. An error was discovered in the kernel's handling of CUSE (Character device in Userspace). A local attacker might exploit this flaw to escalate privilege, if access to /dev/cuse has been modified to allow non-root users. Various other issues were also addressed.

tags | advisory, remote, denial of service, kernel, local, root
systems | linux, ubuntu
advisories | CVE-2011-1927, CVE-2010-4250, CVE-2010-4650, CVE-2011-0006, CVE-2011-0716, CVE-2011-1476, CVE-2011-1477, CVE-2011-1759, CVE-2011-2182, CVE-2011-3619, CVE-2011-4621, CVE-2012-0038, CVE-2012-0044, CVE-2010-4250, CVE-2010-4650, CVE-2011-0006, CVE-2011-0716, CVE-2011-1476, CVE-2011-1477, CVE-2011-1759, CVE-2011-1927, CVE-2011-2182, CVE-2011-3619, CVE-2011-4621, CVE-2012-0038, CVE-2012-0044
SHA-256 | f05a67b15bd12222301eb6d247fe8806a3dc3d18a5f9a4b55842ab137cbdbfea
Debian Security Advisory 2429-1
Posted Mar 7, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2429-1 - Several security vulnerabilities were discovered in MySQL, a database management system. The vulnerabilities are addressed by upgrading MySQL to a new upstream version, 5.1.61, which includes additional changes, such as performance improvements and corrections for data loss defects.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492
SHA-256 | d4592c5ad8de29f047ece77a2e42b1d38a82d87058cef98da635405e98387e98
LeKommerce Online Shop SQL Injection
Posted Mar 7, 2012
Authored by Mazt0r

LeKommerce Online Shop suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | b3eb59aca087a0ffbe536718a683e74c53bd6e1789daf234db778d4d9726cb2a
Webfolio CMS 1.1.4 Cross Site Scripting
Posted Mar 7, 2012
Authored by Ivano Binetti

Webfolio CMS versions 1.1.4 and below suffer from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 93f6b868f021feffc6c34fae1946370d4c0b5076b89e10d2dac090857f503a57
Ubuntu Security Notice USN-1392-1
Posted Mar 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1392-1 - Ben Hutchings reported a flaw in the kernel's handling of corrupt LDM partitions. A local user could exploit this to cause a denial of service or escalate privileges.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2011-2182
SHA-256 | e3a1cb2d59c53f8534bcc574cde849ab64541e6674e02b848509d7c0c55f2c23
Ubuntu Security Notice USN-1391-1
Posted Mar 7, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1391-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image it could potential execute arbitrary code on the system.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2012-0038
SHA-256 | 93380b9c22addc34eb0c628c05822af9da3b79d264b702b626d3f59388748799
Red Hat Security Advisory 2012-0370-01
Posted Mar 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0370-01 - The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A heap overflow flaw was found in the way QEMU emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash QEMU or, possibly, escalate their privileges on the host.

tags | advisory, overflow, kernel
systems | linux, redhat
advisories | CVE-2012-0029
SHA-256 | 34beca2ea83efb46a5f87f92ce8b4275cf49f57036de0e7d9c3f569248566573
Red Hat Security Advisory 2012-0369-01
Posted Mar 7, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0369-01 - SQLAlchemy is an Object Relational Mapper that provides a flexible, high-level interface to SQL databases. It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application. All users of python-sqlalchemy are advised to upgrade to this updated package, which contains a patch to correct this issue. All running applications using SQLAlchemy must be restarted for this update to take effect.

tags | advisory, sql injection, python
systems | linux, redhat
advisories | CVE-2012-0805
SHA-256 | 170335a11ed1ac32efbb25cd8394268712ed2aa3631e110f327da6a0ba26982f
Saman Portal Local File Inclusion
Posted Mar 7, 2012
Authored by TMT

Saman Portal suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | f245aeea6b3f77592cd6dfc9450697947d068c975c0e07a0e1db15820a8fbdaf
Introduction To Reverse Engineering x86
Posted Mar 7, 2012
Authored by Daniel Romero Perez

This whitepaper is titled Introduction to Reverse Engineering x86. Written in Spanish.

tags | paper, x86
SHA-256 | f1735b4979de2ce0b4794b58f0d141925c28cf0d9dca9af3785c4fbe40dabb99
Zorp Proxy Firewall Suite 3.9.5
Posted Mar 7, 2012
Authored by Balazs Scheidler | Site balabit.com

Zorp is a proxy firewall suite with its core architecture built around today's security demands. It uses application level proxies, is modular and component based, uses a script language to describe policy decisions, makes it possible to monitor encrypted traffic, lets you override client actions, and lets you protect your servers with its built in IDS capabilities.

Changes: Various updates.
tags | tool, firewall
systems | unix
SHA-256 | 22a9cc9e08d042d3967fdb9db22d919d77e53a58a2f493552f7a49ea9b170782
ImageFetcher.com SQL Injection
Posted Mar 7, 2012
Authored by AMC

ImageFetcher.com suffers from a remote SQL injection vulnerability. The researcher contacted the site with no luck in getting a response.

tags | exploit, remote, sql injection
SHA-256 | c0096bd4ab042011c73831be8b2484baa5d0724c7a1cbfbdaf821ef3c7bb6640
Jobrapido.com Cross Site Scripting
Posted Mar 7, 2012
Authored by Ivano Binetti

Jobrapido.com suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | a2d5de00e2e35e0f11abcafea3e0079a991fa50c325f344c91902feae0159b6e
Secunia Security Advisory 48257
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for spamdyke. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
systems | linux, gentoo
SHA-256 | e80f101dea596c284e4066c493c9e9d87e61b6ff805e73c21042ed87b8c4f81d
Secunia Security Advisory 48251
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, gentoo
SHA-256 | 9f75cdb69c2f29c18db4b1e914176bf0f7eea690562426078d57de08c7864b10
Secunia Security Advisory 48256
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for curl. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, hijack a user's session, manipulate certain data, and can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

tags | advisory, denial of service, spoof, vulnerability
systems | linux, gentoo
SHA-256 | 2e1d38993af456a422a3c869aa6cfbd2ac3b68f5d28b6b35461e7e2df3ba6afa
Secunia Security Advisory 48281
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to gain knowledge of potentially sensitive information or compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 3b583191ce1bde990fb87784459f8e4b123c5a7de9c778712999e48b39ef6aa7
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close