functional security

Register | Login

Home Files News About Contact Add New

Showing 1 - 1 of 1

Files

Zero Day Initiative Advisory 10-136: Posted Jul 22, 2010; Authored by Tipping Point | Site zerodayinitiative.com; Zero Day Initiative Advisory 10-136 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Teaming. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tomcat server installed by default with Teaming. The server exposes an AJAX request handler which allows a remote user to upload an image via the upload_image_file operation. By crafting a specially formatted filename an attacker can bypass a name-mangling mechanism and traverse outside the intended temporary directory. By uploading a malicious JSP document to the web directory, an attacker can abuse this functionality to execute arbitrary code under the context of the SYSTEM user.; tags | advisory, remote, web, arbitrary; MD5 | 542610dde673af95d2ee4fdae0cfc9c8; Download | Favorite | Comments (0)

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 46 files
Ubuntu 34 files
the_cyber_nuxbie 27 files
Sony 24 files
Debian 24 files
Gentoo 16 files
HP 15 files
Tipping Point 15 files
Benjamin Kunz Mejri 15 files
3spi0n 13 files

Recent News

Microsoft To Send Users 4 Critical Patches On Valentine's Day: Posted Feb 10, 2012; tags | headline, microsoft, flaw, patch; Link | Favorite | Comments (0)

Malware Devs Embrace Open Source: Posted Feb 10, 2012; tags | headline, malware, trojan; Link | Favorite | Comments (0)

Mobile Security Researchers Warn Of Evolving Android Malware: Posted Feb 10, 2012; tags | headline, malware, phone, google; Link | Favorite | Comments (0)

Security Patches Cost Google $410,000 In Finder's Fees: Posted Feb 10, 2012; tags | headline, flaw, google; Link | Favorite | Comments (0)

Google Wallet PIN Security Cracked In Seconds: Posted Feb 9, 2012; tags | headline, hacker, phone, google; Link | Favorite | Comments (0)

Airport Bomb Twitter Joker In Second Fine Appeal Bid: Posted Feb 9, 2012; tags | headline, government, twitter; Link | Favorite | Comments (0)

Chinese iPhone Maker Foxconn Hacked: Posted Feb 9, 2012; tags | headline, hacker, microsoft, phone, apple; Link | Favorite | Comments (0)

Anonymous Goes After Syria: Posted Feb 9, 2012; tags | headline, government, anonymous, syria; Link | Favorite | Comments (0)

DDoS Now Protestors' Weapon Of Choice: Posted Feb 8, 2012; tags | headline, cybercrime, denial of service; Link | Favorite | Comments (0)

USB Stick Can Be Tracked And Remotely Deleted: Posted Feb 8, 2012; tags | headline, privacy; Link | Favorite | Comments (0)

View More News →

packet storm

© 2012 Packet Storm. All rights reserved.

Site Links: News by Month; News Tags; Files by Month; File Tags; File Directory

About Us: History & Purpose; Contact Information; Terms of Service; Privacy Statement; Copyright Information

Advertising: Become an Advertiser
Hosting By: Rokabear; Global Mirror List