what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2013-06-18 to 2013-06-19

FreeBSD Security Advisory - mmap Privilege Escalation
Posted Jun 18, 2013
Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient permission checks in the virtual memory system, a tracing process (such as a debugger) may be able to modify portions of the traced process's address space to which the traced process itself does not have write access. This error can be exploited to allow unauthorized modification of an arbitrary file to which the attacker has read access, but not write access. Depending on the file and the nature of the modifications, this can result in privilege escalation. To exploit this vulnerability, an attacker must be able to run arbitrary code with user privileges on the target system.

tags | advisory, arbitrary
systems | freebsd
advisories | CVE-2013-2171
SHA-256 | 46c9d0684ffdd8c4787e60e14015a9e757b66b443d2622296e77fbdbc855860a
Apache Santuario XML Security For C++ Signature Bypass
Posted Jun 18, 2013
Authored by James Forshaw

The implementation of XML digital signatures in the Santuario-C++ library is vulnerable to a spoofing issue allowing an attacker to reuse existing signatures with arbitrary content. The vulnerability affects only applications that do not perform proper checking/analysis of the content of the Reference elements in the Signature, but the bug exacerbates this problem by opening such applications to attacks using arbitrary content, instead of just attacks involving malicious, but signed, content. Versions prior to 1.7.1 are affected.

tags | advisory, arbitrary, spoof
advisories | CVE-2013-2153
SHA-256 | f4cc52eebffe98291d0852b7719520ff57e20f3844e5293b69e302a109d1c520
Technical Cyber Security Alert 2013-168A
Posted Jun 18, 2013
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert 2013-168A - Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

tags | advisory, vulnerability
SHA-256 | cf7f30c9457212d92f6b62a38f0d54e3832e152a6b96e1732817a0a55735ef2c
Ubuntu Security Notice USN-1884-1
Posted Jun 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1884-1 - It was discovered that LibRaw incorrectly handled broken full-color images. If a user or automated system were tricked into processing a specially crafted raw image, applications linked against LibRaw could be made to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-2126
SHA-256 | af2f3c18279a4d4ad6d10e905a3caf640120ee29feebb1726755729b0ffba8bd
Ubuntu Security Notice USN-1885-1
Posted Jun 18, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1885-1 - It was discovered that libKDcraw incorrectly handled broken full-color images. If a user or automated system were tricked into processing a specially crafted raw image, applications linked against libKDcraw could be made to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-2126
SHA-256 | 745dd16e66aaa77d962d55ef226b8a36fe3d76733bda43245338ea5d58832c7a
Debian Security Advisory 2710-1
Posted Jun 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2710-1 - James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2013-2153, CVE-2013-2154, CVE-2013-2155, CVE-2013-2156
SHA-256 | 9115a6092e44a563c15e997a4b11c3f9292f19c14422c4354bf87e64e409defa
Red Hat Security Advisory 2013-0953-01
Posted Jun 18, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0953-01 - Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server.

tags | advisory, java, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2011-2487, CVE-2011-2730, CVE-2012-5575
SHA-256 | 4f9e2960fda4e62a5f6b93721a0f7321b3180fe0d9a8f7f628aa10ee6222b1c2
Apple Security Advisory 2013-06-18-1
Posted Jun 18, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-06-18-1 - Java for OS X 2013-004 and Mac OS X v10.6 Update 16 are now available and addresses multiple vulnerabilities that include arbitrary code execution issues.

tags | advisory, java, arbitrary, vulnerability, code execution
systems | apple, osx
advisories | CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468
SHA-256 | f8e9f7d76bd910c50d277b999c12859be24a831c1a38b126a92577609223f014
Joomla Cryptography Weakness
Posted Jun 18, 2013
Authored by Marco Beierer

All current and past versions of Joomla up to 1.5.26, 2.5.11, and 3.1.1 use ECB mode when performing encryption with JCryptCipherSimple.

tags | exploit
SHA-256 | 056f3c648624085ce973d974be3e5ffcb05a2aa6b08a0a39b5ff0b00c4f7686a
Apache Santuario XML Security For C++ Heap Overflow
Posted Jun 18, 2013
Authored by James Forshaw

A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution. If verification of the signature occurs prior to actual evaluation of a signing key, this could be exploited by an unauthenticated attacker. Apache Santuario XML Security for C++ library versions prior to 1.7.1 are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2013-2156
SHA-256 | 8d2ae10fa63742af710c4959f5b09bc760cf1e6de68ca6c11e5d303b15106ce4
Apache Santuario XML Security For C++ Denial Of Service / Bypass
Posted Jun 18, 2013
Authored by James Forshaw

A bug exists in the processing of the output length of an HMAC-based XML Signature that would cause a denial of service when processing specially chosen input. Exploitation of this issue does not require authenticated content. In very unusual cases, inputs could be chosen in such a way that the fix for the issue in CVE-2009-0217 could be bypassed, enabling improper verification of a signature. Versions prior to 1.7.1 are affected.

tags | advisory, denial of service
advisories | CVE-2013-2155
SHA-256 | 4ed699c9710bffc9e07a34e7f30bd97e55b2305af63662dc2f499d685d727662
Apache Santuario XML Security For C++ Stack Overflow
Posted Jun 18, 2013
Authored by James Forshaw

A stack overflow, possibly leading to arbitrary code execution, exists in the processing of malformed XPointer expressions in the XML Signature Reference processing code. An attacker could use this to exploit an application performing signature verification if the application does not block the evaluation of such references prior to performing the verification step. The exploit would occur prior to the actual verification of the signature, so does not require authenticated content. Versions prior to 1.7.1 are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2013-2154
SHA-256 | af0afeb75458291b861cf5f636dc2a226e089a6059ccbe7118f0979ffd301af2
Canon Printer DoS / Secret Disclosure
Posted Jun 18, 2013
Authored by Matt Andreko

Various Canon printers suffer from a lack of password authentication, denial of service, and WEP/WPA/WPA2 secret disclosure vulnerabilities. Models affected include, but are not limited to, MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, and MX920.

tags | exploit, denial of service, vulnerability, info disclosure
advisories | CVE-2013-4613, CVE-2013-4614, CVE-2013-4615
SHA-256 | e6fe9b64dfedd1825acdce35d794eab613d2db78380ac3ba1cd3a4e3f484e8bc
imacs CMS 0.3.0 Shell Upload
Posted Jun 18, 2013
Authored by CWH Underground

imacs CMS version 0.3.0 remote shell upload exploit.

tags | exploit, remote, shell
SHA-256 | 34c09e05c941242d343fb28e2f634ca4846414d6d7e2985667dc792bc4b4ee87
Et-Chat 3.07 Privilege Escalation / Shell Upload
Posted Jun 18, 2013
Authored by Mr.XpR

Et-Chat version 3.07 suffers from a privilege escalation vulnerability that then enables a user to upload a shell.

tags | exploit, shell
SHA-256 | 0e5c91de166e96816038a7f98567514c202036f0f1912a66b14cb371c8775dc2
Debian Security Advisory 2709-1
Posted Jun 18, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2709-1 - Multiple vulnerabilities were discovered in the dissectors for CAPWAP, GMR-1 BCCH, PPP, NBAP, RDP, HTTP, DCP ETSI and in the Ixia IxVeriWave file parser, which could result in denial of service or the execution of arbitrary code.

tags | advisory, web, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2013-4074, CVE-2013-4075, CVE-2013-4076, CVE-2013-4077, CVE-2013-4078, CVE-2013-4081, CVE-2013-4082, CVE-2013-4083
SHA-256 | a7fb711b73cfed6976e923faf31729f4fa313fcadcf3e7aa1c138ad5a4c3699c
Mandriva Linux Security Advisory 2013-175
Posted Jun 18, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-175 - Cross-site scripting vulnerabilities in js/viewer.js inside the files_videoviewer application via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and 4.5.12 allows authenticated remote attackers to inject arbitrary web script or HTML via shared files. Cross-site scripting vulnerabilities in core/js/oc-dialogs.js via multiple unspecified vectors in all ownCloud versions prior to 5.0.7 and other versions before 4.0.16 allows authenticated remote attackers to inject arbitrary web script or HTML via shared files. This advisory provides the latest versions of owncloud which is not vulnerable to these issues.

tags | advisory, remote, web, arbitrary, vulnerability, xss
systems | linux, mandriva
advisories | CVE-2013-2150, CVE-2013-2149
SHA-256 | 16f100b70ba225304cca8fb72249be12ecd48ace8433b1c00a0c74d79b895e96
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close