Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 08:11:19 GMT

Ubuntu Security Notice USN-1202-1
Wed, 14 Sep 2011 05:10:56 GMT
http://packetstormsecurity.org/files/105078/USN-1202-1.txt
http://packetstormsecurity.org/files/105078/Ubuntu-Security-Notice-USN-1202-1.html
Ubuntu Security Notice 1202-1 - Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. Brad Spengler discovered that stack memory for a new process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Various other issues were also addressed.

Month Of Abysssec Undisclosed Bugs - Microsoft Unicode Scripts Processor
Fri, 01 Oct 2010 02:33:27 GMT
http://packetstormsecurity.org/files/94408/moaub30-msunicode.pdf
http://packetstormsecurity.org/files/94408/Month-Of-Abysssec-Undisclosed-Bugs-Microsoft-Unicode-Scripts-Processor.html
Month Of Abysssec Undisclosed Bugs - The Microsoft unicode scripts processor suffers from a remote code execution vulnerability.

Month Of Abysssec Undisclosed Bugs - ASPMass Shopping Cart
Fri, 01 Oct 2010 02:30:09 GMT
http://packetstormsecurity.org/files/94406/moaub30-aspmass.pdf
http://packetstormsecurity.org/files/94406/Month-Of-Abysssec-Undisclosed-Bugs-ASPMass-Shopping-Cart.html
Month Of Abysssec Undisclosed Bugs - ASPMass Shopping Cart suffers from a file upload cross site request forgery vulnerability.

Mandriva Linux Security Advisory 2010-190
Thu, 30 Sep 2010 16:44:36 GMT
http://packetstormsecurity.org/files/94387/MDVSA-2010-190.txt
http://packetstormsecurity.org/files/94387/Mandriva-Linux-Security-Advisory-2010-190.html
Mandriva Linux Security Advisory 2010-190 - libtiff allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image. The updated packages have been patched to correct this issue.

HP Security Bulletin HPSBMA02558 SSRT100158
Thu, 30 Sep 2010 16:30:29 GMT
http://packetstormsecurity.org/files/94384/HPSBMA02558-SSRT100158.txt
http://packetstormsecurity.org/files/94384/HP-Security-Bulletin-HPSBMA02558-SSRT100158.html
HP Security Bulletin HPSBMA02558 SSRT100158 - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code under the context of the user running the web server. Revision 3 of this advisory.

VMware Security Advisory 2010-0015
Thu, 30 Sep 2010 16:07:42 GMT
http://packetstormsecurity.org/files/94383/VMSA-2010-0015.txt
http://packetstormsecurity.org/files/94383/VMware-Security-Advisory-2010-0015.html
VMware Security Advisory 2010-0015 - ESX 4.0 Console OS (COS) updates for NSS_db, OpenLDAP, cURL, sudo, OpenSSL, GnuTLS, NSS and NSPR packages.

Secunia Security Advisory 41667
Thu, 30 Sep 2010 06:48:51 GMT
http://packetstormsecurity.org/files/94418/sa41667.txt
http://packetstormsecurity.org/files/94418/Secunia-Security-Advisory-41667.html
Secunia Security Advisory - Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities and weaknesses, which can be exploited by malicious local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or gain escalated privileges, and by malicious people to disclose potentially sensitive information.

Secunia Security Advisory 41659
Thu, 30 Sep 2010 06:40:28 GMT
http://packetstormsecurity.org/files/94412/sa41659.txt
http://packetstormsecurity.org/files/94412/Secunia-Security-Advisory-41659.html
Secunia Security Advisory - Ubuntu has issued an update for libgdiplus. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

Secunia Security Advisory 41658
Thu, 30 Sep 2010 06:25:38 GMT
http://packetstormsecurity.org/files/94403/sa41658.txt
http://packetstormsecurity.org/files/94403/Secunia-Security-Advisory-41658.html
Secunia Security Advisory - Ubuntu has issued an update for libhx. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.

Secunia Security Advisory 41642
Thu, 30 Sep 2010 06:25:35 GMT
http://packetstormsecurity.org/files/94402/sa41642.txt
http://packetstormsecurity.org/files/94402/Secunia-Security-Advisory-41642.html
Secunia Security Advisory - Gentoo has acknowledged some security issues in fence, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Secunia Security Advisory 41619
Thu, 30 Sep 2010 06:25:33 GMT
http://packetstormsecurity.org/files/94401/sa41619.txt
http://packetstormsecurity.org/files/94401/Secunia-Security-Advisory-41619.html
Secunia Security Advisory - A vulnerability has been discovered in Pluck, which can be exploited by malicious people to conduct cross-site request forgery attacks.

Secunia Security Advisory 41629
Thu, 30 Sep 2010 06:25:30 GMT
http://packetstormsecurity.org/files/94400/sa41629.txt
http://packetstormsecurity.org/files/94400/Secunia-Security-Advisory-41629.html
Secunia Security Advisory - High-Tech Bridge SA has discovered a vulnerability in Zimplit, which can be exploited by malicious people to conduct cross-site request forgery attacks.

Secunia Security Advisory 41669
Thu, 30 Sep 2010 06:25:27 GMT
http://packetstormsecurity.org/files/94399/sa41669.txt
http://packetstormsecurity.org/files/94399/Secunia-Security-Advisory-41669.html
Secunia Security Advisory - Multiple vulnerabilities have been reported in the Imagemenu module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Secunia Security Advisory 41676
Thu, 30 Sep 2010 06:25:25 GMT
http://packetstormsecurity.org/files/94398/sa41676.txt
http://packetstormsecurity.org/files/94398/Secunia-Security-Advisory-41676.html
Secunia Security Advisory - A vulnerability has been reported in the Imagemenu module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks.

Secunia Security Advisory 41661
Thu, 30 Sep 2010 06:25:22 GMT
http://packetstormsecurity.org/files/94397/sa41661.txt
http://packetstormsecurity.org/files/94397/Secunia-Security-Advisory-41661.html
Secunia Security Advisory - A vulnerability has been reported in the PECL Alternative PHP Cache (APC) extension, which can potentially be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 41663
Thu, 30 Sep 2010 06:25:20 GMT
http://packetstormsecurity.org/files/94396/sa41663.txt
http://packetstormsecurity.org/files/94396/Secunia-Security-Advisory-41663.html
Secunia Security Advisory - A security issue and a vulnerability have been reported in the Memcache module for Drupal, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 41675
Thu, 30 Sep 2010 06:25:17 GMT
http://packetstormsecurity.org/files/94395/sa41675.txt
http://packetstormsecurity.org/files/94395/Secunia-Security-Advisory-41675.html
Secunia Security Advisory - Julien Cayssol has reported some vulnerabilities in Artica, which can be exploited by malicious users to disclose sensitive information, manipulate certain data, and bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks, SQL injection attacks, and disclose sensitive information.

Secunia Security Advisory 41651
Thu, 30 Sep 2010 06:25:14 GMT
http://packetstormsecurity.org/files/94394/sa41651.txt
http://packetstormsecurity.org/files/94394/Secunia-Security-Advisory-41651.html
Secunia Security Advisory - Multiple vulnerabilities have been discovered in JE Guestbook component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.

Secunia Security Advisory 41662
Thu, 30 Sep 2010 06:25:12 GMT
http://packetstormsecurity.org/files/94393/sa41662.txt
http://packetstormsecurity.org/files/94393/Secunia-Security-Advisory-41662.html
Secunia Security Advisory - Fedora has issued an update for php-pecl-apc. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 41668
Thu, 30 Sep 2010 06:25:09 GMT
http://packetstormsecurity.org/files/94392/sa41668.txt
http://packetstormsecurity.org/files/94392/Secunia-Security-Advisory-41668.html
Secunia Security Advisory - Some vulnerabilities have been reported in webSPELL, which can be exploited by malicious people to conduct SQL injection attacks and bypass certain security restrictions.

Secunia Security Advisory 41653
Thu, 30 Sep 2010 06:25:07 GMT
http://packetstormsecurity.org/files/94391/sa41653.txt
http://packetstormsecurity.org/files/94391/Secunia-Security-Advisory-41653.html
Secunia Security Advisory - Fedora has issued an update for mantis. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 41531
Thu, 30 Sep 2010 06:25:04 GMT
http://packetstormsecurity.org/files/94390/sa41531.txt
http://packetstormsecurity.org/files/94390/Secunia-Security-Advisory-41531.html
Secunia Security Advisory - A vulnerability has been reported in 3Com H3C 3100 and 3600 Series switches, which can be exploited by malicious people to cause a DoS (Denial of Service).

Secunia Security Advisory 41655
Thu, 30 Sep 2010 06:25:01 GMT
http://packetstormsecurity.org/files/94389/sa41655.txt
http://packetstormsecurity.org/files/94389/Secunia-Security-Advisory-41655.html
Secunia Security Advisory - A security issue and some vulnerabilities have been reported in phpCAS, which can be exploited by malicious users to perform certain actions with escalated privileges and disclose sensitive information and by malicious people to conduct cross-site scripting attacks.

Secunia Security Advisory 41618
Thu, 30 Sep 2010 06:24:59 GMT
http://packetstormsecurity.org/files/94388/sa41618.txt
http://packetstormsecurity.org/files/94388/Secunia-Security-Advisory-41618.html
Secunia Security Advisory - VMware has acknowledged multiple vulnerabilities in VMware ESX Server, where one has an unknown impact and the others can be exploited by malicious, local users to disclose potentially sensitive information and bypass certain security restrictions and by malicious people to manipulate certain data, conduct spoofing attacks, bypass certain security features, and cause a DoS (Denial of Service).

Zero Day Initiative Advisory 10-187
Thu, 30 Sep 2010 02:17:18 GMT
http://packetstormsecurity.org/files/94382/ZDI-10-187.txt
http://packetstormsecurity.org/files/94382/Zero-Day-Initiative-Advisory-10-187.html
Zero Day Initiative Advisory 10-187 - This vulnerability allows remote attackers to create a denial of service condition on vulnerable installations of IBM Tivoli FastBack Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FastBackServer.exe process, which listens by default on TCP port 11406. The problematic code resides within a function responsible for reading a block of network packet data. A parameter to this function is initialized to 0 and under certain conditions this value will be accessed before being properly initialized. This causes a NULL pointer to be dereferenced and a subsequent application crash due to a lack of exception handling. Successful exploitation leads to immediate termination of the fastback server.