exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-09-29

Ubuntu Security Notice USN-3094-1
Posted Sep 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3094-1 - Andrew Ayer discovered that Systemd improperly handled zero-length notification messages. A local unprivileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
SHA-256 | 1ba872a1536aaaeaf458159274b73bb4073e6d16e22c38eb09ab3ccef17531aa
HP Security Bulletin HPSBGN03650 1
Posted Sep 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03650 1 - A potential vulnerability has been identified in HPE Network Automation Software. The vulnerability could be locally exploited to allow arbitrary file modification. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2016-4386
SHA-256 | f8b48858bf63376d452f7789a5a4547fe95c190a9693ab9d2026dac1ad2a3697
Red Hat Security Advisory 2016-1978-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1978-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Security Fix: It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-1000111
SHA-256 | d5e3aa646dfd2f8b3f78548122631ae45d15ee8081e7f70b40011002ec277d92
Red Hat Security Advisory 2016-1967-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1967-01 - The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer Application Programming Interface.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5432
SHA-256 | 1dad5da83832d848a306c7a1c3edafe684ebd92107f66f7df2652aa86e3cb1b4
Red Hat Security Advisory 2016-1973-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1973-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7031
SHA-256 | 6495d29df539e95c5eb0e5c071fc29f9cec2d96539c046e52d8534cc8724c963
Red Hat Security Advisory 2016-1972-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1972-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7031
SHA-256 | db68653a7b9b6241ac1ee45d0848b57d281fc69b1882bad6922e32fdea8a52c6
Revive Adserver 3.2.4 XSS / File Download / Element Injection
Posted Sep 29, 2016
Authored by Matteo Beccati

Revive Adserver versions 3.2.4 and below suffers from reflected file download, cross site scripting, and special element injection.

tags | advisory, xss
SHA-256 | b2af95d062de5bdc30f259d6beea9ba5dac6df00433eebde912fe2a5cbc3d161
Cisco Security Advisory 20160928-smi
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.

tags | advisory, remote, denial of service, tcp, memory leak
systems | cisco, osx
SHA-256 | a148836287ff37df7a6160852705022c6c49dfe1768ef65b38854aac3c0eda81
Cisco Security Advisory 20160928-msdp
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). The first vulnerability (Cisco bug ID CSCud36767) is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart. The second vulnerability (Cisco bug ID CSCuy16399) is due to insufficient checking of packets encapsulated in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. A successful exploit could cause the affected device to restart. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | cisco, osx
SHA-256 | d3cbfed6645f0353d9f26d0202653f9ac87d273cd24d9c0bcc14ae58b5e26409
Cisco Security Advisory 20160928-ios-ikev1
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of crafted, fragmented IKEv1 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, udp
systems | cisco, osx
SHA-256 | d793fb6c1d8ef6ea8e7c13e8efc3182402fd3c886bdf151b007edd76785c075b
Cisco Security Advisory 20160928-esp-nat
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of malformed ICMP packets by the affected software. An attacker could exploit this vulnerability by sending crafted ICMP packets that require NAT processing by an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
SHA-256 | 6bdab0ea549f484bd1e3d255ccb898389ec19764b4d60f337ed86ae3d6cf68ea
Cisco Security Advisory 20160928-cip
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device. An attacker could exploit this vulnerability by submitting a CIP message request designed to trigger the vulnerability to an affected device. An exploit could cause the switch to stop processing traffic, requiring a restart of the device to regain functionality. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 7eeed3c340b1022fe38348b497c56616974dcd7243014d0affae46bb15082884
Cisco Security Advisory 20160928-aaados
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Authentication, Authorization, and Accounting (AAA) service for remote Secure Shell Host (SSH) connections to the device for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the vulnerable device to reload. The vulnerability is due to an error log message when a remote SSH connection to the device fails AAA authentication. An attacker could exploit this vulnerability by attempting to authenticate to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

tags | advisory, remote, denial of service, shell
systems | cisco, osx
SHA-256 | 09a0906cb0093e06d2d1f40eeea5a1464121a24f7bffb46b62cadd140729789a
Ubuntu Security Notice USN-3092-1
Posted Sep 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3092-1 - Stefan Metzmacher discovered that Samba incorrectly handled certain flags in SMB2/3 client connections. A remote attacker could use this issue to disable client signing and impersonate servers by performing a man in the middle attack. Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. In addition to the security fix, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2119
SHA-256 | 4edf165016c2460e921c064dc440ed429814ccfc70919740ee86f63fba19fc88
Red Hat Security Advisory 2016-1969-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1969-01 - This release of Red Hat JBoss BPM Suite 6.3.3 serves as a replacement for Red Hat JBoss BPM Suite 6.3.2, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote, authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-5398
SHA-256 | 2cc79cd62732a63158a0f117f349639a1843a06e425e0ea5c8c42481ccf377db
Red Hat Security Advisory 2016-1968-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1968-01 - This release of Red Hat JBoss BRMS 6.3.3 serves as a replacement for Red Hat JBoss BRMS 6.3.2, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote, authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-5398
SHA-256 | 5831a7110053a2c2722e2d3f6c7c6cc8c7c1f948b48e8571056c4c3c280277aa
Ubuntu Security Notice USN-3093-1
Posted Sep 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3093-1 - It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1371, CVE-2016-1372, CVE-2016-1405
SHA-256 | 341041e7f8d7c1fd9f4abcb699474d38b7f691167229020b13c273277e5c2fc4
Page 1 of 1
Back1Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close