what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 36 RSS Feed

Files Date: 2010-10-22

Mandriva Linux Security Advisory 2010-211
Posted Oct 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-211 - The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2010-3173, CVE-2010-3174, CVE-2010-3175, CVE-2010-3176, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183
SHA-256 | c4aa2dae679ba79e24b8322c372a70db3de31777d295bd7bdc83df4e576d061f
Mandriva Linux Security Advisory 2010-210
Posted Oct 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-210 - Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Various other issues have also been addressed.

tags | advisory, remote, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2010-3170, CVE-2010-3173, CVE-2010-3174, CVE-2010-3175, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183
SHA-256 | b49486071419be28e46150635739bbf1691dc4896d5fd2196ec5211581c260cf
PyProxy Proxy Hunter And Tester 9
Posted Oct 22, 2010
Authored by gunslinger | Site gunslingerc0de.wordpress.com

PyProxy Proxy Hunter and Tester version 9 high-level cross protocol proxy-hunter python library.

tags | protocol, python, library
SHA-256 | cba978bee526ceb35eb10cd5ce910c0b25b9b45364e32bfc6f7fb676d869f026
W-Agora 4.2.1 Cross Site Scripting / Local File Inclusion
Posted Oct 22, 2010
Authored by MustLive

W-Agora versions 4.2.1 and below suffer from cross site scripting and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | 34e4ef1db03fada054256f916dfe9cf40aced3ff3f65c9e4fe2b2e6d81cb2d78
Mandriva Linux Security Advisory 2010-209
Posted Oct 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-209 - A buffer overflow was discovered in libsmi when long OID was given in numerical form. This could lead to arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2010-2891
SHA-256 | cf7b44c0abecb921f207fc7f27c5244f40e3f24c3167eb87026c2974168fe890
Debian Linux Security Advisory 2122-1
Posted Oct 22, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2122-1 - Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2010-3847, CVE-2010-3856
SHA-256 | 857fca073644547dae968ea11ffbcdca81c4d210891ea09f1af7219cd193c2c6
GNU C Library Dynamic Linker Arbitrary DSO dlopen
Posted Oct 22, 2010
Authored by Tavis Ormandy

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

tags | exploit, arbitrary
advisories | CVE-2010-3856
SHA-256 | 56712911c7ae4fe887c781b84ff85146b9dcdb7cd4f854c31d844764ea7f5191
HP Security Bulletin HPSBMA02593 SSRT100237
Posted Oct 22, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02593 SSRT100237 - A potential security vulnerability has been identified in HP Virtual Connect Enterprise Manager (VCEM) for Windows. The vulnerability could be exploited remotely to download arbitrary files. Revision 1 of this advisory.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2010-3986
SHA-256 | 9b417f8a3b89f033a8c2a022a3bde58caf421466dfba6f41bc28cec6afb3874d
Spider Player 2.4.5 Denial Of Service
Posted Oct 22, 2010
Authored by Abdi Mohamed

Spider Player version 2.4.5 suffers from a denial of service vulnerability.

tags | exploit, denial of service
SHA-256 | 642dc26d6c15a5cae279107e02180ac799795066cab5e7fc6aa726488ceaa74a
Internet Explorer Cross-Origin Leak
Posted Oct 22, 2010
Authored by Chris Evans

Microsoft Internet Explorer suffers from a cross-origin leak vulnerability.

tags | advisory
SHA-256 | 53499dc63a1db7878a76102343c1baf73d12e3bc3f97685e9fc61b7aa875f0dd
Ubuntu Security Notice 1008-2
Posted Oct 22, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1008-2 - Libvirt in Ubuntu 10.04 LTS now no longer probes qemu disks for the image format and defaults to 'raw' when the format is not specified in the XML. This change in behavior breaks virt-install --import because virtinst in Ubuntu 10.04 LTS did not allow for specifying a disk format and does not specify a format in the XML. This update adds the 'format=' option when specifying a disk. Original advisory notes that it was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.

tags | advisory, arbitrary
systems | linux, ubuntu
SHA-256 | 4d8e02c3a4d091d01b98eb080d057e61ab552e957bde8a3214bbd12d6c7d4a0b
Secunia Security Advisory 41936
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in iWiccle, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 6cf84b8c6012aa71e33e8378f9ae726bb52cd6fcd47a872f3f840a34ef713f24
Secunia Security Advisory 41931
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - J. Greil has discovered multiple vulnerabilities in Sawmill, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a vulnerable system.

tags | advisory, vulnerability, xss
SHA-256 | cd8527aa6fa6cc0ba69ce6b7cf8d8816fb945fbd15de6d888740bc047672ec10
Secunia Security Advisory 41944
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Chris Evans has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | f3e88a50734501ee7b2248c16d43dbf585e57e7d91c00a4802d1e6b2a54af5a7
Secunia Security Advisory 41894
Posted Oct 22, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A weakness and some vulnerabilities have been reported in SAP BusinessObjects, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), and by malicious people to disclose sensitive information and conduct cross-site scripting attacks.

tags | advisory, denial of service, local, vulnerability, xss
SHA-256 | de1b1fc493d72b8d749d034af4652da2a40f10c2c8de8ff0e32b3b9bc71760ab
Mandriva Linux Security Advisory 2010-208
Posted Oct 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-208 - It has been discovered that eight denial of service conditions exist in libpurple all due to insufficient validation of the return value from purple_base64_decode(). Invalid or malformed data received in place of a valid base64-encoded value in portions of the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support trigger a crash. These vulnerabilities can be leveraged by a remote user for denial of service.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, mandriva
advisories | CVE-2010-3711
SHA-256 | 2dcc45f1140e070e5166be26b8d3ee85ca8334858f66c04bf67550e965a60fef
Pecio CMS 2.0.5 Cross Site Scripting
Posted Oct 22, 2010
Authored by Antu Sanadi | Site secpod.com

Pecio CMS version 2.0.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 05dc4479ffde12054111c5b44dadfafa2c5120d85eb6482e1494df7de92e8cf7
Wiccle Web Builder CMS / iWiccle CMS Community Builder Cross Site Scripting
Posted Oct 22, 2010
Authored by Veerendra G.G | Site secpod.com

Wiccle Web Builder CMS and iWiccle CMS Community Builder both suffer from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 131b387ddda597eea6f5958b0702c023bd31d235e6b60d19fce3e2b40dd9604d
Ubuntu Security Notice 1008-1
Posted Oct 22, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1008-1 - It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-2237, CVE-2010-2238, CVE-2010-2239, CVE-2010-2242
SHA-256 | c064ab38868a95bbd59b13f2896302bf08bc54ede0f09b2e2a8362053a7462e5
Adobe Shockwave Player Memory Corruption
Posted Oct 22, 2010
Authored by Abysssec, Shahin | Site abysssec.com

Adobe Shockwave Player suffers from a rcsL chunk memory corruption vulnerability. This affects version 11.5.8.612 and possibly prior versions as well.

tags | exploit
SHA-256 | 19c623243755d4e723f8bafe5e6b21f7bc24f231ced44057c528a648edd4ae9e
Sawmill Enterprise Code Execution / Cross Site Request Forgery / Cross Site Scripting
Posted Oct 22, 2010
Authored by Johannes Greil | Site sec-consult.com

Sawmill Enterprise versions prior to 8.1.7.3 suffers from arbitrary code execution, cross site request forgery, cross site scripting and various other vulnerabilities. suffers from buffer overflow, cross site request forgery, cross site scripting and file disclosure vulnerabilities.

tags | exploit, overflow, arbitrary, vulnerability, code execution, xss, csrf
SHA-256 | 2bd10f0a3d3cc78cbdd70e360341145cdcc41d59f78c199e223b197ec74303a1
Squirrelcart PRO 3.0.0 Blind SQL Injection
Posted Oct 22, 2010
Authored by Salvatore Fresta

Squirrelcart PRO version 3.0.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 240276667d87c9d02ced8d4a4562ea465e0ea1d9039cda58277ea31e5bea9ea2
HP Security Bulletin HPSBMA02596 SSRT100271
Posted Oct 22, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02596 SSRT100271 - A potential security vulnerability has been identified in HP AssetCenter and HP AssetManager for AIX, HP-UX, Linux, Solaris and Windows. The vulnerability could be exploited remotely resulting in cross site scripting (XSS). Revision 1 of this advisory.

tags | advisory, xss
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2010-3291
SHA-256 | 5cb27aaadce212727e1fb1b7d6053f27b3c3f046ab99308fbdb5f12747debf67
HP Security Bulletin HPSBMA02592 SSRT100300
Posted Oct 22, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02592 SSRT100300 - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows running Adobe Flash. The vulnerabilities could be exploited remotely resulting in execution of arbitrary code, Denial of Service (DoS), and unauthorized modification. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, windows, hpux
advisories | CVE-2010-0209
SHA-256 | ed7bca84d41ba120ee86c4bc10906b785b5840de9ba41f6163285c718f510e73
HP Security Bulletin HPSBMA02591 SSRT100299
Posted Oct 22, 2010
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin HPSBMA02591 SSRT100299 - Potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited remotely resulting in cross site request forgery (CSRF), cross site scripting (XSS), and privilege escalation. Revision 1 of this advisory.

tags | advisory, vulnerability, xss, csrf
systems | linux, windows, hpux
advisories | CVE-2010-3288, CVE-2010-3289, CVE-2010-3290
SHA-256 | 36b03398e5c2de3131e9eba0578be33ca589245e6201650f2a48454b9415e19a
Page 1 of 2
Back12Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close