
Files

Red Hat Security Advisory 2016-0053-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0053-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly, execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2015-4871, CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
SHA-256 | 3be5dffa75f02e63bc29dc4d1fc7da3c3b30bef29c49a4a878d9cf9ba523b04e
Red Hat Security Advisory 2016-0055-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0055-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494
SHA-256 | b40448498e10595f080684d063b66d9b1e04c6fba568af426eba2d3e33aaefa4
Red Hat Security Advisory 2016-0057-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0057-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
SHA-256 | e11cf361ce84a75486b6566fd82f9240bd8c241d9863dfa68221e3b538e0039c
Red Hat Security Advisory 2016-0049-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0049-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly, execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494
SHA-256 | 47abffb2d9817bf8cc2b5dd087e26ebb38def15423c3b839b7d5d3801925f7c6
Red Hat Security Advisory 2016-0050-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0050-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly, execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494
SHA-256 | 923f7f1fb19af9c07fe713c659a98bb0ea548a82a1793d6a8a53efc9b007eb16
QuickAuth Pebble Man-In-The-Middle
Posted Jan 21, 2016

QuickAuth Pebble loads TOTP keys in the clear over HTTP and is susceptible to man-in-the-middle attacks.

tags | advisory, web
SHA-256 | 427e900319b144508503fda3ef825f8938285cdb168278c868e75d07bf751d30
OpenCart Failed Fix
Posted Jan 21, 2016
Authored by Scott Arciszewski

OpenCart failed to properly address a directory traversal vulnerability.

tags | advisory
SHA-256 | 70f25d17535ccb3b77e499f6d07f084657b709f051cdb9e0bdf5b5143c82a422
Cisco Security Advisory 20160120-d9036
Posted Jan 20, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco Modular Encoding Platform D9036 Software could allow an unauthenticated, remote attacker to log in to the system shell with the privileges of the root user. The vulnerability occurs because the root user has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH using this account. Successful exploitation could allow the attacker to access the system with the privileges of the root user. In addition to the root user, the guest user account also has a default and static password. The guest account is created at installation and cannot be changed or deleted without impacting the functionality of the system. However, this account has limited privileges on the system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, shell, root
systems | cisco
SHA-256 | fc9d0d2252846864b39f5c3b09475bac31aed871f4a9dc779685ed832a514880
Debian Security Advisory 3450-1
Posted Jan 20, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3450-1 - Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2016-1572
SHA-256 | b1042bf33f07950dfbf7089796776d7e9f4596cfcb8a3486e22bff540733ed34
OpenVAS Greenbone Security Assistant Cross Site Scripting
Posted Jan 20, 2016
Authored by Sebastian Neef

OpenVAS Greenbone Security Assistant versions 6.x below 6.0.8 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-1926
SHA-256 | c100aa9dd05c58bbac1bf66e9cf62baa4cb8e642151b8bd891cc2abd39279bab
Apple Security Advisory 2016-01-19-3
Posted Jan 20, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-01-19-3 - Safari 9.0.3 is now available and addresses privacy and multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727, CVE-2016-1728
SHA-256 | e462c2f203f87776c54462f2cf71e63da2af33926e762713c80e27c1e4796bbc
Apple Security Advisory 2016-01-19-2
Posted Jan 20, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-01-19-2 - OS X El Capitan 10.11.3 and Security Update 2016-001 are now available and address memory corruption, code execution, and privilege escalation vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple, osx
advisories | CVE-2015-7995, CVE-2016-1716, CVE-2016-1717, CVE-2016-1718, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722, CVE-2016-1729
SHA-256 | 100bff59d0f404f5edd70e97d638dbeff75a49bfaed850a3f6f6bf7da7f8c8fa
Apple Security Advisory 2016-01-19-1
Posted Jan 20, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-01-19-1 - iOS 9.2.1 is now available and addresses memory corruption and privacy issues.

tags | advisory
systems | cisco, apple, ios
advisories | CVE-2015-7995, CVE-2016-1717, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722, CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727, CVE-2016-1728, CVE-2016-1730
SHA-256 | 66bd988cb715ab4f2c40371dc158bf2d8cb4a130aab3901a47e8362cb993c581
Ubuntu Security Notice USN-2876-1
Posted Jan 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2876-1 - Jann Horn discovered that mount.ecryptfs_private would mount over certain directories in the proc filesystem. A local attacker could use this to escalate their privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2016-1572
SHA-256 | 8336d51aed302ea16f55200e926eb72d4d4c273b8a7f860f8cdca0f7ef0f3235
Debian Security Advisory 3449-1
Posted Jan 20, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3449-1 - It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial-of-service.

tags | advisory
systems | linux, debian
advisories | CVE-2015-8704
SHA-256 | 9c5126f6a38834936685b484189802425c16dcb30a0def35a457930995235275
Cisco Security Advisory 20160120-ucsm
Posted Jan 20, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in a CGI script in the Cisco UCS Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Unified Computing System (UCS) Manager or the Cisco Firepower 9000 Series appliance. The vulnerability is due to unprotected calling of shell commands in the CGI script. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. An exploit could allow the attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. Cisco has released software updates that address this vulnerability.

tags | advisory, remote, web, arbitrary, shell, cgi
systems | cisco
SHA-256 | 9c8fe5c6f50edaa9c3f0047fc7cc1967a178d3b69c2eb01ef7ae36795f502b11
HP Security Bulletin HPSBGN03534 1
Posted Jan 20, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03534 1 - A vulnerability in Microsoft Report Viewer was addressed by HPE Performance Center. This is a Cross-Site scripting (XSS) vulnerability that could allow remote information disclosure. Revision 1 of this advisory.

tags | advisory, remote, xss, info disclosure
advisories | CVE-2011-1976
SHA-256 | 04abf29429cd8d8be359decc853470a622f96ac378c0c6755bc6cdbc04dd6745
Ubuntu Security Notice USN-2874-1
Posted Jan 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2874-1 - It was discovered that Bind incorrectly handled certain APL data. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-8704
SHA-256 | 79c2264aa4bbf6599a9769e264c77651900d8554ab8ef78a9f3d91d35415cd61
Ubuntu Security Notice USN-2875-1
Posted Jan 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2875-1 - It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2015-7499, CVE-2015-8710
SHA-256 | e44fbd2269ca21ca0f979180d2710977d6e765bc703e4175699f18ab18cfafc9
Ubuntu Security Notice USN-2870-2
Posted Jan 19, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2870-2 - Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0728
SHA-256 | 3610ef605000c04f677c3c4ac488ad8a75ddc8a7baff5d9152f54fa50319c7ad
Debian Security Advisory 3448-1
Posted Jan 19, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3448-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation or denial-of-service.

tags | advisory, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-4312, CVE-2015-7566, CVE-2015-8767, CVE-2016-0723, CVE-2016-0728
SHA-256 | 92d9dc5f46cce8160c917d742228cd00883eb1fbd5f64a996d9195961e057ce9
Ubuntu Security Notice USN-2872-3
Posted Jan 19, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2872-3 - Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0728
SHA-256 | 9b6da8e055e2f01caa06a1153d87be5e9162f671ab52a39caf3ef14ebea7802e
Ubuntu Security Notice USN-2872-2
Posted Jan 19, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2872-2 - Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0728
SHA-256 | 805d25d03d4d7a875b7f40ab35f3536b5029d72d4aec9d716b6f493b1a27d92e
Ubuntu Security Notice USN-2871-2
Posted Jan 19, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2871-2 - Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0728
SHA-256 | eca19f277cd38c12794d7899d8c2cc0f11d038ce2b5f8d8d9a19c24229e1f067
Ubuntu Security Notice USN-2873-1
Posted Jan 19, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2873-1 - Yevgeny Pats discovered that the session keyring implementation in the Linux kernel did not properly reference count when joining an existing session keyring. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2016-0728
SHA-256 | 61fe9ea0746f597322c3dbefd9178d76b7bf0a86078da7eca28158d2599f1a09
© 2022 Packet Storm. All rights reserved.
