exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 165 RSS Feed

Files

Debian Security Advisory 3555-1
Posted Apr 25, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3555-1 - Several vulnerabilities were discovered in imlib2, an image manipulation library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2011-5326, CVE-2014-9771, CVE-2016-3993, CVE-2016-3994, CVE-2016-4024
SHA-256 | 1ee5e61be52ed3b6800246af5250019695e3d62af4fd4f0bf75056031c465e3c
Red Hat Security Advisory 2016-0685-01
Posted Apr 25, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0685-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-1978, CVE-2016-1979
SHA-256 | 7142359029ecb55b91f8740bcc308885a4ca03d05377044d0945c59945dbfdaa
Shopware Remote Code Execution
Posted Apr 23, 2016
Authored by David Vieira-Kurz

Shopware versions prior to 5.1.5 suffer from a remote code execution vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2016-3109
SHA-256 | 8ed34df1b1c5c4feb506c2ffe5618e3c1345315775fedc648d88ef2fcbe643b1
Digitalstrom Konfigurator 1.10.0 CSRF / Cross Site Scripting
Posted Apr 22, 2016
Authored by W. Schober | Site sec-consult.com

Digitalstrom Konfigurator version 1.10.0 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | c1222ada6c904eee3c1aae5b05d9e712fcff0d0139e72dc176f4270549e20f32
my devolo 1.2.8 Insecure Data Storage
Posted Apr 22, 2016
Authored by A. Nochvay | Site sec-consult.com

my devolo version 1.2.8 suffers from an insecure data storage vulnerability.

tags | advisory
SHA-256 | 415a9667d7875e4ffab1d65d9e2cf1a4f4419c8a28f4fcc72dddbb4c9b7a0e90
HP Security Bulletin HPSBMU03573 1
Posted Apr 22, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03573 1 - A potential security vulnerability has been identified with HPE System Management Homepage (SMH) on Windows and Linux. The vulnerability could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2016-0800
SHA-256 | 0f9a8afa3e02fde39f49085d5941c36ef63fb1b0db9a70d41a775c34c9b30791
HP Security Bulletin HPSBGN03580 1
Posted Apr 22, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03580 1 - Potential security vulnerabilities have been identified in HP Data Protector that could allow the remote execution of code or the unauthorized disclosure of information. Revision 1 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2015-2808, CVE-2016-2004, CVE-2016-2005, CVE-2016-2006, CVE-2016-2007, CVE-2016-2008
SHA-256 | fe555940ce11a58464ddf248fb5f34613b1577e3c29742dd8f78b82baddfc1de
Debian Security Advisory 3553-1
Posted Apr 22, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3553-1 - Regis Leroy from Makina Corpus discovered that varnish, a caching HTTP reverse proxy, is vulnerable to HTTP smuggling issues, potentially resulting in cache poisoning or bypassing of access control policies.

tags | advisory, web
systems | linux, debian
advisories | CVE-2015-8852
SHA-256 | bc657fff411ae02e679a1648904473ae77ce5c8698e470789184f8f669a61b43
Debian Security Advisory 3554-1
Posted Apr 22, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3554-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-3158, CVE-2016-3159, CVE-2016-3960
SHA-256 | eaab15a54a41ea6970b80c6129c79cc7bf582d226649ce50c14c4881102bb949
Red Hat Security Advisory 2016-0679-01
Posted Apr 22, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0679-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 6 to version 6 Update 115. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
SHA-256 | 0340146d9888ba15286481bf065ec18c2d5a4ddf8079084b846383f0f04b7c15
Ubuntu Security Notice USN-2953-1
Posted Apr 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2953-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.5.49 in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 15.10 has been updated to MySQL 5.6.30. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-0639, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0655, CVE-2016-0661, CVE-2016-0665, CVE-2016-0666, CVE-2016-0668, CVE-2016-2047
SHA-256 | 9c12ded85963841122600225020c8b57b79a49ee77bbd119512b585e2069ce08
Microsoft Security Bulletin Revision Increment For April, 2016
Posted Apr 22, 2016
Site microsoft.com

This bulletin summary lists MS16-039 which has undergone a major revision increment.

tags | advisory
SHA-256 | 0ac741de4428df0121953939d51fee062a375e8acec222ddc150a90301918fe7
Ubuntu Security Notice USN-2952-1
Posted Apr 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2952-1 - It was discovered that the PHP Zip extension incorrectly handled directories when processing certain zip files. A remote attacker could possibly use this issue to create arbitrary directories. It was discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2014-9767, CVE-2015-8835, CVE-2015-8838, CVE-2016-1903, CVE-2016-2554, CVE-2016-3141, CVE-2016-3142, CVE-2016-3185
SHA-256 | 4d6db38bd4a4eeeff3a87c17afbc7413a7d3d1c3b63225f6e73d061b71d981c9
Red Hat Security Advisory 2016-0678-01
Posted Apr 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0678-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 7 to version 7 Update 101. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
SHA-256 | 63a203916e8946bb559b14bc46107ba6a1973b9155ec04c0330c9d74b5feb030
Red Hat Security Advisory 2016-0677-01
Posted Apr 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0677-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update upgrades Oracle Java SE 8 to version 8 Update 91. Security Fix: This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449
SHA-256 | 998b4e01ddd98bf99e316038c9799396bb83ab95f8c668a5bfc4e7d7fb84c82b
Red Hat Security Advisory 2016-0676-01
Posted Apr 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0676-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3427
SHA-256 | 4957fba7cfab0271e2e2a1b7fecd59abf0cb0d1af97fb5c03cb515635a2e3346
Red Hat Security Advisory 2016-0675-01
Posted Apr 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0675-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3427
SHA-256 | 31475770043462674735810ea8ce72f5a339a55eb8567815e81b1270ae16e78e
Red Hat Security Advisory 2016-0651-01
Posted Apr 20, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0651-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427
SHA-256 | bbbd2e040a01f786cadbff1861fef9c12b10ef1c508f98e7f33d19f3d298ceca
Red Hat Security Advisory 2016-0650-01
Posted Apr 20, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0650-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427
SHA-256 | 9f4f3ce6513290cd9445b9e9dd9ec551b258b80a03204a2919a229701768aeb6
Cisco Security Advisory 20160420-libsrtp
Posted Apr 20, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Cisco released version 1.5.3 of the Secure Real-Time Transport Protocol (SRTP) library (libSRTP), which addresses a denial of service (DoS) vulnerability. Multiple Cisco products incorporate a vulnerable version of the libSRTP library. The vulnerability is in the encryption processing subsystem of libSRTP and could allow an unauthenticated, remote attacker to trigger a DoS condition. The vulnerability is due to improper input validation of certain fields of SRTP packets. An attacker could exploit this vulnerability by sending a crafted SRTP packet designed to trigger the issue to an affected device. The impact of this vulnerability on Cisco products may vary depending on the affected product. Details about the impact on each product are outlined in the "Conditions" section of each Cisco bug for this vulnerability. The bug IDs are listed at the top of this advisory and in the table in "Vulnerable Products."

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 78fe5bc5630f5e6bb6ffdb225fd6049b8821eb6181ae5e2c77b75655f6bb9121
Cisco Security Advisory 20160420-asa-dhcpv6
Posted Apr 20, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the DHCPv6 relay feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to insufficient validation of DHCPv6 packets. An attacker could exploit this vulnerability by sending crafted DHCPv6 packets to an affected device, resulting in a denial of service (DoS) condition. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode. Cisco ASA Software is affected by this vulnerability only if the software is configured with the DHCPv6 relay feature. The vulnerability is triggered only by IPv6 traffic. This vulnerability affects Cisco ASA Software release 9.4.1 only. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | 81ecfb49b2651d6ccb595836cb13c19a571a98280171311102603ad9016cae8a
Cisco Security Advisory 20160420-htrd
Posted Apr 20, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the HTTP URL redirect feature of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a buffer overflow condition on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of HTTP traffic by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to cause a buffer overflow condition on the device, which could allow the attacker to cause the device to reload, resulting in a DoS condition, or execute arbitrary code on the device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web, denial of service, overflow, arbitrary
systems | cisco
SHA-256 | 80beed554e809e8a5870224a154380f8f23caadf7d76dc0972162a6d1b575909
Cisco Security Advisory 20160420-bdos
Posted Apr 20, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Bonjour task manager of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of Bonjour traffic by the affected software. An attacker could exploit this vulnerability by sending crafted Bonjour traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
SHA-256 | cdc30beb702f0e49569edc1e6a47e2492634d2280ded85af9b61c7a398b3c5b1
Cisco Security Advisory 20160420-wlc
Posted Apr 20, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based management interface of Cisco Wireless LAN Controller (WLC) devices running Cisco AireOS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the presence of unsupported URLs in the web-based device management interface provided by the affected software. An attacker could exploit this vulnerability by attempting to access a URL that is not generally accessible from and supported by the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | cc7c61582a3a61aaedc912d02cc2f5089a42bb405fe4aade132697a4c20e10f6
EMC ViPR SRM Cross Site Request Forgery
Posted Apr 19, 2016
Site emc.com

EMC ViPR SRM versions prior to 3.7 suffer from multiple cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
advisories | CVE-2016-0891
SHA-256 | 1fb66dd03a74f0b38a6011bb95c1309b0b0f482a95d89477bba6f4236e08b3b0
Page 2 of 7
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close