what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 63 RSS Feed

Files Date: 2013-01-08

Action Pack DoS / SQL Injection / Code Execution
Posted Jan 8, 2013
Authored by Jonathan Rudenberg, Ben Murphy, Bryan Helmkamp, Magnus Holm, Charlie Somerville, Aaron Patterson, Darcy Laycock, Benoist Claassen, Felix Wilhelm

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a denial of service attack on a Rails application.

tags | advisory, denial of service, arbitrary, sql injection, ruby
advisories | CVE-2013-0156
SHA-256 | e6b7d9e5b6b28e3c08ebdbbf557326661b4a8bf5291d91b70d108f5ac0ec4be1
Simple Exploitation Of Format String Vulnerabilities
Posted Jan 8, 2013
Authored by Jules Mainsard

This is a whitepaper that explains simple exploitation of format string vulnerabilities. Written in French.

tags | paper, vulnerability
SHA-256 | 37f50131a1fc960ed1176cc771053a11034b9363967b5e831038763416640365
IBM Cognos tm1admsd.exe Overflow
Posted Jan 8, 2013
Authored by unknown, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow in IBM Cognos Analytic Server Admin service. The vulnerability exists in the tm1admsd.exe component, due to a dangerous copy of user controlled data to the stack, via memcpy, without validating the supplied length and data. The module has been tested successfully on IBM Cognos Express 9.5 over Windows XP SP3.

tags | exploit, overflow
systems | windows
advisories | CVE-2012-0202, OSVDB-80876
SHA-256 | abf55a041edebfc9c10a71c63250d53ebae7935806c4ab38d15c7743ef4a47b2
WordPress Google Document Embedder Arbitrary File Disclosure
Posted Jan 8, 2013
Authored by Charlie Eriksen | Site metasploit.com

This Metasploit module exploits an arbitrary file disclosure flaw in the WordPress blogging software plugin known as Google Document Embedder. The vulnerability allows for database credential disclosure via the /libs/pdf.php script. The Google Document Embedder plug-in versions 2.4.6 and below are vulnerable. This exploit only works when the MySQL server is exposed on a accessible IP and Wordpress has filesystem write access. Please note: The admin password may get changed if the exploit does not run to the end.

tags | exploit, arbitrary, php
advisories | CVE-2012-4915, OSVDB-88891
SHA-256 | d86ee12abd38355eaa0ede874337844297f09019b89cae1d861c414675387207
Advantech WebAccess HMI/SCADA Cross Site Scripting
Posted Jan 8, 2013
Authored by Antu Sanadi | Site secpod.com

Advantech WebAccess HMI/SCADA software version 7.0-2012.12.05 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c464b8149b11c22b146cd1282f4bc0fb07c6fa07603793bf344a5c29515c7e5f
HP Security Bulletin HPSBUX02829 SSRT100883
Posted Jan 8, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02829 SSRT100883 - A potential security vulnerability has been identified with HP-UX running the X Font Server (xfs). The vulnerability could be exploited locally to create a Denial of Service (DoS), or allow unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service
systems | hpux
advisories | CVE-2012-1699
SHA-256 | 6b3e6d2d1d99270b32d7a3a374182d344a43f2e467d2f0c9f531e71192cd430e
EMC NetWorker Buffer Overflow
Posted Jan 8, 2013
Site emc.com

EMC NetWorker provides some of its services through the SunRPC remote procedure call mechanism. One of these services, nsrindexd, which listens on a dynamic port, exposes a SunRPC interface. A buffer overflow vulnerability exists in this service that could potentially be exploited by a malicious user to create a denial of service condition or execute arbitrary code on the vulnerable system in the context of the affected application, commonly system. Affected products include EMC NetWorker 7.5.x and earlier, EMC NetWorker 7.6.4 and earlier, and EMC NetWorker 8.0.0.5 and earlier.

tags | advisory, remote, denial of service, overflow, arbitrary
advisories | CVE-2012-4607
SHA-256 | 94887bfb88a7ec768c8b3fa36fd375f356522df36424e97753aceb5368089b26
Red Hat Security Advisory 2013-0126-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0126-01 - SquirrelMail is a standards-based webmail package written in PHP. The SquirrelMail security update RHSA-2012:0103 did not, unlike the erratum text stated, correct the CVE-2010-2813 issue, a flaw in the way SquirrelMail handled failed log in attempts. A user preference file was created when attempting to log in with a password containing an 8-bit character, even if the username was not valid. A remote attacker could use this flaw to eventually consume all hard disk space on the target SquirrelMail server.

tags | advisory, remote, php
systems | linux, redhat
advisories | CVE-2012-2124
SHA-256 | cc679a3ad023b0523dcc97f4dcfa93f202141d41ac914dfa97ecbe558e26a81d
Red Hat Security Advisory 2013-0125-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0125-01 - Wireshark, previously known as Ethereal, is a network protocol analyzer. It is used to capture and browse the traffic running on a computer network. A heap-based buffer overflow flaw was found in the way Wireshark handled Endace ERF capture files. If Wireshark opened a specially-crafted ERF capture file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file.

tags | advisory, denial of service, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2011-4102, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291
SHA-256 | eb30de7fd8f00a0a922069cfe6ff4ed5abf41c0cacda471253febe3314fe484d
Red Hat Security Advisory 2013-0128-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0128-01 - The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules. It was discovered that luci stored usernames and passwords in session cookies. This issue prevented the session inactivity timeout feature from working correctly, and allowed attackers able to get access to a session cookie to obtain the victim's authentication credentials.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-3359
SHA-256 | 855f6a62fabf7a179a8b160989b5ec076ecc95d33ec735409cbfd4728e4791c4
Red Hat Security Advisory 2013-0124-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0124-01 - These packages provide various libraries and tools for the Simple Network Management Protocol. An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote attacker with read privileges to a Management Information Base subtree handled by the "extend" directive could use this flaw to crash snmpd via a crafted SNMP GET request.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2012-2141
SHA-256 | 7db5cea03514a11a2e3507239f67447087ee5946e2cb7c6cfee0cc2a888aa85b
Red Hat Security Advisory 2013-0123-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0123-01 - The OpenIPMI packages provide command line tools and utilities to access platform information using Intelligent Platform Management Interface. System administrators can use OpenIPMI to manage systems and to perform system health monitoring. It was discovered that the IPMI event daemon created its process ID file with world-writable permissions. A local user could use this flaw to make the ipmievd init script kill an arbitrary process when the ipmievd daemon is stopped or restarted. Note: This issue did not affect the default configuration of OpenIPMI as shipped with Red Hat Enterprise Linux 5.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2011-4339
SHA-256 | 2deae90ed110e0a7cb728df733255c88da19161c8fc16e2a5df7248e8222da5a
Red Hat Security Advisory 2013-0121-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0121-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was found that the fix for the CVE-2009-4030 issue, a flaw in the way MySQL checked the paths used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives when the "datadir" option was configured with a relative path, was incorrectly removed when the mysql packages in Red Hat Enterprise Linux 5 were updated to version 5.0.95 via RHSA-2012:0127. An authenticated attacker could use this flaw to bypass the restriction preventing the use of subdirectories of the MySQL data directory being used as DATA DIRECTORY and INDEX DIRECTORY paths. This update re-applies the fix for CVE-2009-4030.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4452
SHA-256 | 17e3f371b831fa444dc7ad24136681e62ffa7eaa676fa8fdb0919f28a0afef0a
Red Hat Security Advisory 2013-0120-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0120-01 - The quota package provides system administration tools for monitoring and limiting user and group disk usage on file systems. It was discovered that the rpc.rquotad service did not use tcp_wrappers correctly. Certain hosts access rules defined in "/etc/hosts.allow" and "/etc/hosts.deny" may not have been honored, possibly allowing remote attackers to bypass intended access restrictions. This issue was discovered by the Red Hat Security Response Team.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-3417
SHA-256 | ff1177b7c46b6ab9f91637fc56f08e7978406a622b31ba0afe7cbff89c838ce7
Red Hat Security Advisory 2013-0131-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0131-01 - The gnome-vfs2 packages provide the GNOME Virtual File System, which is the foundation of the Nautilus file manager. neon is an HTTP and WebDAV client library embedded in the gnome-vfs2 packages. A denial of service flaw was found in the neon Extensible Markup Language parser. Visiting a malicious DAV server with an application using gnome-vfs2 could possibly cause the application to consume an excessive amount of CPU and memory.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2009-2473
SHA-256 | 3c057a76e0d6c5aba4fb9501b417669da14d9d512290ed6a069391e767f2a71d
Red Hat Security Advisory 2013-0135-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0135-01 - GIMP Toolkit is a multi-platform toolkit for creating graphical user interfaces. An integer overflow flaw was found in the X BitMap image file loader in GTK+. A remote attacker could provide a specially-crafted XBM image file that, when opened in an application linked against GTK+, would cause the application to crash. Due to a bug in the Input Method GTK+ module, the usage of the Taiwanese Big5 locale led to the unexpected termination of certain applications, such as the GDM greeter. The bug has been fixed, and the Taiwanese locale no longer causes applications to terminate unexpectedly.

tags | advisory, remote, overflow
systems | linux, redhat
advisories | CVE-2012-2370
SHA-256 | c7d0b4ff245144db10ab17c19de7e89a4bca0456399043cb6a127f249bb13e02
Red Hat Security Advisory 2013-0130-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0130-01 - The httpd packages contain the Apache HTTP Server, which is the namesake project of The Apache Software Foundation. Input sanitization flaws were found in the mod_negotiation module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use these flaws to conduct cross-site scripting and HTTP response splitting attacks against users visiting the site.

tags | advisory, remote, web, arbitrary, xss
systems | linux, redhat
advisories | CVE-2008-0455, CVE-2008-0456, CVE-2012-2687
SHA-256 | 9a4d4c53e357db7749607126ae10e03812924ef69f9c0937ef9101bcaa818a7f
Red Hat Security Advisory 2013-0129-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0129-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files with names based on untrusted input, it could result in the creation of files with different names than expected. It was found that the RHSA-2011:0909 update did not correctly fix the CVE-2011-1005 issue, a flaw in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted code to modify arbitrary, trusted strings, which safe level 4 restrictions would otherwise prevent.

tags | advisory, remote, arbitrary, ruby
systems | linux, redhat
advisories | CVE-2012-4481, CVE-2012-4522
SHA-256 | 4a55277a92d2dade3b633c2eeffa01ad800949b4e81e0fea84bee0fbc3123f94
Red Hat Security Advisory 2013-0134-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0134-01 - FreeRADIUS is an open-source Remote Authentication Dial-In User Service server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations using the RADIUS protocol. It was found that the "unix" module ignored the password expiration setting in "/etc/shadow". If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully authenticate, even though their access should have been denied.

tags | advisory, remote, protocol
systems | linux, redhat, unix
advisories | CVE-2011-4966
SHA-256 | 848f46811c7a202e3e0412d05ff40ab5c11f542e1a5cd15f8051c970c8c42ff8
Red Hat Security Advisory 2013-0133-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0133-01 - Hewlett-Packard Linux Imaging and Printing provides drivers for Hewlett-Packard printers and multifunction peripherals. It was found that the HP CUPS fax filter in HPLIP created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwriting arbitrary files accessible to a process using the fax filter.

tags | advisory, arbitrary, local
systems | linux, redhat
advisories | CVE-2011-2722
SHA-256 | 864be0b816d50568e5b04e4c73ea75fc418852e134f046ee23a10c2d327277c9
Red Hat Security Advisory 2013-0132-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0132-01 - The autofs utility controls the operation of the automount daemon. The automount daemon automatically mounts and unmounts file systems. A bug fix included in RHBA-2012:0264 introduced a denial of service flaw in autofs. When using autofs with LDAP, a local user could use this flaw to crash autofs, preventing future mount requests from being processed until the autofs service was restarted. Note: This flaw did not impact existing mounts.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2012-2697
SHA-256 | 720f57c83d08ed819b94959d4ed444c4544b0162da8e94337a1f83b3b313bd1e
Red Hat Security Advisory 2013-0127-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0127-01 - The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Bus and device IDs were ignored when attempting to attach multiple USB devices with identical vendor or product IDs to a guest. This could result in the wrong device being attached to a guest, giving that guest root access to the device.

tags | advisory, remote, root
systems | linux, redhat
advisories | CVE-2012-2693
SHA-256 | 9eee3959c95b479db624b570b1152bc483e3961b19ad04e5ce300f1e240a5cc7
Red Hat Security Advisory 2013-0122-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0122-01 - Tcl provides a powerful platform for creating integration applications that tie together diverse applications, protocols, devices, and frameworks. When paired with the Tk toolkit, Tcl provides a fast and powerful way to create cross-platform GUI applications. Two denial of service flaws were found in the Tcl regular expression handling engine. If Tcl or an application using Tcl processed a specially-crafted regular expression, it would lead to excessive CPU and memory consumption.

tags | advisory, denial of service, protocol
systems | linux, redhat
advisories | CVE-2007-4772, CVE-2007-6067
SHA-256 | 097f731cac65ec29a8681b1f9b946d2651c2fd9851217bcbc377907f9baa8138
Cisco RV120W / RV220W Weak RSA Key Generation
Posted Jan 8, 2013
Authored by Slawek Rozbicki

Cisco RV120W and RV220W devices share some primes in RSA modules. It is possible to regenerate private key with ease using fast GCD (euklid based) operations on public key pairs.

tags | advisory
systems | cisco
SHA-256 | c5ee7884053ac0d97a9b105491eac031feea368878fa48c7f1904e5791c2aac8
MotoCMS 1.3.3 Password File Disclosure / Shell Upload
Posted Jan 8, 2013
Authored by Akastep

MotoCMS versions 1.3.3 and below suffer from password file disclosure and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, info disclosure
SHA-256 | 50ef5f1a3f0f908dddc8abdea740939f5d9baf76b7b62233a900f21d57fdd029
Page 1 of 3
Back123Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close