exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 142 RSS Feed

Files

Perixx PERIDUO-710W KG-1027 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

The Perixx PERIDUO-710W KG-1027 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
SHA-256 | f4bc0516c208b0307fe50d327f89c8d288ef83ffc61506179cd54509362894b3
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

The CHERRY B.UNLIMITED AES JD-0400EU-2/01 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
SHA-256 | 1638ec208f8e37eaf9b5a1c43ce2ce9035fedf7e2ee03ce599899ee97a9d2669
Logitech M520 Y-R0012 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

The Logitech M520 Y-R0012 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
SHA-256 | b5b536b4797a8eff1eb40c967a4bdf37db110f16f71fc0a6f0da5e15e92a9b27
Apache MyFaces Trinidad Information Disclosure
Posted Sep 30, 2016
Authored by Teemu Kaariainen, Andy Schwartz

Apache MyFaces Trinidad versions 1.0.0 to 1.0.13, 1.2.1 to 1.2.14, 2.0.0 to 2.0.1, and 2.1.0 to 2.1.1 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2016-5019
SHA-256 | d52ae0b80ff5e5d1cc0efc513c971067776f22f749a120d81c7b142b8af4aa14
Ubuntu Security Notice USN-3094-1
Posted Sep 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3094-1 - Andrew Ayer discovered that Systemd improperly handled zero-length notification messages. A local unprivileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
SHA-256 | 1ba872a1536aaaeaf458159274b73bb4073e6d16e22c38eb09ab3ccef17531aa
HP Security Bulletin HPSBGN03650 1
Posted Sep 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03650 1 - A potential vulnerability has been identified in HPE Network Automation Software. The vulnerability could be locally exploited to allow arbitrary file modification. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2016-4386
SHA-256 | f8b48858bf63376d452f7789a5a4547fe95c190a9693ab9d2026dac1ad2a3697
Red Hat Security Advisory 2016-1978-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1978-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Security Fix: It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-1000111
SHA-256 | d5e3aa646dfd2f8b3f78548122631ae45d15ee8081e7f70b40011002ec277d92
Red Hat Security Advisory 2016-1967-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1967-01 - The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer Application Programming Interface.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5432
SHA-256 | 1dad5da83832d848a306c7a1c3edafe684ebd92107f66f7df2652aa86e3cb1b4
Red Hat Security Advisory 2016-1973-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1973-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7031
SHA-256 | 6495d29df539e95c5eb0e5c071fc29f9cec2d96539c046e52d8534cc8724c963
Red Hat Security Advisory 2016-1972-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1972-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7031
SHA-256 | db68653a7b9b6241ac1ee45d0848b57d281fc69b1882bad6922e32fdea8a52c6
Revive Adserver 3.2.4 XSS / File Download / Element Injection
Posted Sep 29, 2016
Authored by Matteo Beccati

Revive Adserver versions 3.2.4 and below suffers from reflected file download, cross site scripting, and special element injection.

tags | advisory, xss
SHA-256 | b2af95d062de5bdc30f259d6beea9ba5dac6df00433eebde912fe2a5cbc3d161
Cisco Security Advisory 20160928-smi
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.

tags | advisory, remote, denial of service, tcp, memory leak
systems | cisco, osx
SHA-256 | a148836287ff37df7a6160852705022c6c49dfe1768ef65b38854aac3c0eda81
Cisco Security Advisory 20160928-msdp
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). The first vulnerability (Cisco bug ID CSCud36767) is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart. The second vulnerability (Cisco bug ID CSCuy16399) is due to insufficient checking of packets encapsulated in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. A successful exploit could cause the affected device to restart. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | cisco, osx
SHA-256 | d3cbfed6645f0353d9f26d0202653f9ac87d273cd24d9c0bcc14ae58b5e26409
Cisco Security Advisory 20160928-ios-ikev1
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of crafted, fragmented IKEv1 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, udp
systems | cisco, osx
SHA-256 | d793fb6c1d8ef6ea8e7c13e8efc3182402fd3c886bdf151b007edd76785c075b
Cisco Security Advisory 20160928-esp-nat
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of malformed ICMP packets by the affected software. An attacker could exploit this vulnerability by sending crafted ICMP packets that require NAT processing by an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
SHA-256 | 6bdab0ea549f484bd1e3d255ccb898389ec19764b4d60f337ed86ae3d6cf68ea
Cisco Security Advisory 20160928-cip
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device. An attacker could exploit this vulnerability by submitting a CIP message request designed to trigger the vulnerability to an affected device. An exploit could cause the switch to stop processing traffic, requiring a restart of the device to regain functionality. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 7eeed3c340b1022fe38348b497c56616974dcd7243014d0affae46bb15082884
Cisco Security Advisory 20160928-aaados
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Authentication, Authorization, and Accounting (AAA) service for remote Secure Shell Host (SSH) connections to the device for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the vulnerable device to reload. The vulnerability is due to an error log message when a remote SSH connection to the device fails AAA authentication. An attacker could exploit this vulnerability by attempting to authenticate to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

tags | advisory, remote, denial of service, shell
systems | cisco, osx
SHA-256 | 09a0906cb0093e06d2d1f40eeea5a1464121a24f7bffb46b62cadd140729789a
Ubuntu Security Notice USN-3092-1
Posted Sep 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3092-1 - Stefan Metzmacher discovered that Samba incorrectly handled certain flags in SMB2/3 client connections. A remote attacker could use this issue to disable client signing and impersonate servers by performing a man in the middle attack. Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. In addition to the security fix, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2119
SHA-256 | 4edf165016c2460e921c064dc440ed429814ccfc70919740ee86f63fba19fc88
Red Hat Security Advisory 2016-1969-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1969-01 - This release of Red Hat JBoss BPM Suite 6.3.3 serves as a replacement for Red Hat JBoss BPM Suite 6.3.2, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote, authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-5398
SHA-256 | 2cc79cd62732a63158a0f117f349639a1843a06e425e0ea5c8c42481ccf377db
Red Hat Security Advisory 2016-1968-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1968-01 - This release of Red Hat JBoss BRMS 6.3.3 serves as a replacement for Red Hat JBoss BRMS 6.3.2, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote, authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-5398
SHA-256 | 5831a7110053a2c2722e2d3f6c7c6cc8c7c1f948b48e8571056c4c3c280277aa
Ubuntu Security Notice USN-3093-1
Posted Sep 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3093-1 - It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1371, CVE-2016-1372, CVE-2016-1405
SHA-256 | 341041e7f8d7c1fd9f4abcb699474d38b7f691167229020b13c273277e5c2fc4
Red Hat Security Advisory 2016-1944-01
Posted Sep 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1944-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-2776
SHA-256 | 63f1574ac630676fcf0eff4827fb27a6d2d47e11f2e55f0e0d10550f09bf49f6
Red Hat Security Advisory 2016-1945-01
Posted Sep 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1945-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-2776
SHA-256 | be43c5a097e942ecd307ebf4297bc06f0d866bd50f9d3352b9a0006c698abcc0
Cisco Security Advisory 20160927-openssl
Posted Sep 28, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2016-2178, CVE-2016-2183
SHA-256 | 8a01e5818235e52620d9168ec7848771a0b5ee468ce6cb8088cecce9cffb935e
Slackware Security Advisory - bind Updates
Posted Sep 28, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-2776
SHA-256 | fa36deda59b2671cb8b2e580d7603a1022589c6028f745b10155c2f43650482a
Page 1 of 6
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close