what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 219 RSS Feed

Files

Debian Security Advisory 3724-1
Posted Nov 24, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3724-1 - Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-9634, CVE-2016-9635, CVE-2016-9636
SHA-256 | 8ff0cf57f3b3288f0d4eeb96051a5dfc1fb32ac32bbcb923eced76c5d2f39456
Ubuntu Security Notice USN-3137-1
Posted Nov 24, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3137-1 - It was discovered that MoinMoin did not properly sanitize certain inputs, resulting in cross-site scripting vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

tags | advisory, remote, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-7146, CVE-2016-7148, CVE-2016-9119
SHA-256 | 5dc21582c4e5438359f7e9cbf7f3f1a05d7d569e8fb102ddc0de309ed17acf4c
Ubuntu Security Notice USN-3136-1
Posted Nov 24, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3136-1 - Roman Fiedler discovered a directory traversal flaw in lxc-attach. An attacker with access to an LXC container could exploit this flaw to access files outside of the container.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-8649
SHA-256 | fa5f78b6a71df95c1a351871bfca0a6692f9f30f599849d1fa869ef3197ddce9
HP Security Bulletin HPSBHF03673 1
Posted Nov 24, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03673 1 - Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. These vulnerabilities could be exploited remotely to conduct spoofing attacks and plaintext recovery attacks resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory, spoof, vulnerability
advisories | CVE-2004-2761, CVE-2013-2566, CVE-2015-2808
SHA-256 | 602636acd9eb352dc892bc1bded1cab28642c3e6645b73e0d9f61fe6df4d7dd2
EASY HOME Alarmanlagen-Set MAS-S01-09 Cryptographic Issues
Posted Nov 24, 2016
Authored by Gerhard Klostermeier | Site syss.de

SySS GmbH found out that the 125 kHz RFID technology used by the EASY HOME MAS-S01-09 wireless alarm system has no protection by means of authentication against rogue/cloned RFID tokens. The information stored on the used RFID tokens can be read easily in a very short time from distances up to 1 meter, depending on the used RFID reader. A working cloned RFID token is ready for use within a couple of seconds using freely available tools.

tags | advisory
SHA-256 | f2b5958d04f9bcacb801da8a3f95c98a49142000d47cd1feadd0ebc033c088f0
Blaupunkt Smart GSM Alarm SA 2500 Kit 1.0 Replay Attacks
Posted Nov 24, 2016
Authored by Matthias Deeg | Site syss.de

Due to an insecure implementation of the used 868 MHz radio communication, the wireless alarm system Blaupunkt Smart GSM Alarm SA 2500 Kit is vulnerable to replay attacks.

tags | advisory
SHA-256 | 4a74349e30018d4eadb03382d40421e1c607aee428fa11c9c661fca820e654b2
M2B GSM Wireless Alarm System Replay Attacks
Posted Nov 24, 2016
Authored by Gerhard Klostermeier | Site syss.de

Due to an insecure implementation of the used 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to replay attacks.

tags | advisory
SHA-256 | b19e73ae566f67141fff01b385e124ffe916d02b99d2f4b1eb6581a9331a10b9
M2B GSM Wireless Alarm System Brute Force Issue
Posted Nov 24, 2016
Authored by Gerhard Klostermeier | Site syss.de

Due to an insecure implementation of the used 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to brute-force attacks.

tags | advisory
SHA-256 | a33d718d22481da6180fc9af25a09eb7609ae79013ec68a0eb5bd6fddea35071
VMware Security Advisory 2016-0022
Posted Nov 24, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0022 - VMware vCenter Server, vSphere Client, and vRealize Automation updates address information disclosure vulnerabilities.

tags | advisory, vulnerability, info disclosure
advisories | CVE-2016-7458, CVE-2016-7459, CVE-2016-7460
SHA-256 | 2eb92731937c7a5f68f3b95bc7e5f57ed0efd31f7f258f98f7bf28685a4a7363
VMware Security Advisory 2016-0021
Posted Nov 24, 2016
Authored by VMware | Site vmware.com

VMware Security Advisory 2016-0021 - VMware product updates address partial information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2016-5334
SHA-256 | d9372685bd6c303cf6ae449efe2efe58514a7dbbadea4f0e2ab2d3978136abf0
Olympia Protect 9061 Replay Attack
Posted Nov 23, 2016
Authored by Matthias Deeg | Site syss.de

Olympia Protect 9061 article number 5943 revision 03 suffers from missing protection against replay attacks.

tags | advisory
SHA-256 | b73813379c9c7ae3a3ca7625ea543b01df7c00b2718c1c9ba66959c0c4a4ff2d
EASY HOME Alarmanlagen-Set MAS-S01-09 Replay Attack
Posted Nov 23, 2016
Authored by Matthias Deeg | Site syss.de

EASY HOME Alarmanlagen-Set MAS-S01-09 suffers from missing protection against replay attacks.

tags | advisory
SHA-256 | aa11c4d5d771f9d150ecfead9f82a16873ca84a8146387dc50c052e29720ecb1
Red Hat Security Advisory 2016-2820-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2820-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

tags | advisory, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-8704, CVE-2016-8705
SHA-256 | 09101d18a8872a1fbd6b7d886a1ccee516c5e7b8e80f40ea7d9248d12b1d8f60
Red Hat Security Advisory 2016-2819-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2819-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix: Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

tags | advisory, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-8704, CVE-2016-8705, CVE-2016-8706
SHA-256 | c10e120fa474ab10ba77d113aeba63c5f3226b7220d718cf61f8cbf65756abcc
Red Hat Security Advisory 2016-2816-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2816-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Security Fix: A flaw was found in the way Ceph Object Gateway handles POST object requests. An authenticated attacker could launch a denial of service attack by sending null or specially crafted POST object requests.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2016-8626
SHA-256 | 139b9b08c711bedadc85f67290f1923e202d4dd9d564f6fee986e44d565ac765
Red Hat Security Advisory 2016-2815-01
Posted Nov 23, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2815-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The following packages have been upgraded to a newer upstream version: ceph, ceph-deploy, calamari-server, nfs-ganesha, ceph-iscsi-config, libntirpc, ceph-iscsi-tools. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-8626
SHA-256 | ef405f0bd7b17b62af6a472bc30f36f4a65f15e773f951d2de8b2b16aaddd1c8
Acunetix 10.0 DLL Hijacking
Posted Nov 23, 2016
Authored by Ashiyane Digital Security Team

Acunetix version 10 suffers from multiple dll hijacking vulnerabilities.

tags | advisory, vulnerability
systems | windows
SHA-256 | f9156bed3c4501962e7c625db7d1820c157af7c061dbcc82b917eb9966b17fcc
Siemens SIMATIC Cookie Settings / Cross Site Request Forgery
Posted Nov 22, 2016
Authored by Andrea Barisani

Multiple versions of Siemens SIMATIC suffer from a cross site request forgery vulnerability and poor cookie security settings.

tags | advisory, csrf
advisories | CVE-2016-8672
SHA-256 | 26301c53dda7cca8354b059c0a9195478bf2208f7195cb4e264aa05d0d411026
Ubuntu Security Notice USN-3135-1
Posted Nov 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3135-1 - Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
SHA-256 | 5d1e0d264b968b7b940c1590442ffefc50798c1586401b470059c4535715fdcc
Ubuntu Security Notice USN-3134-1
Posted Nov 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3134-1 - It was discovered that the smtplib library in Python did not return an error when StartTLS fails. A remote attacker could possibly use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, remote, web, cgi, python
systems | linux, ubuntu
advisories | CVE-2016-0772, CVE-2016-1000110, CVE-2016-5636, CVE-2016-5699
SHA-256 | f4acba05d29f61abc115563263a86c66eefab809d6312eba26bddf0ab4433cc7
Ubuntu Security Notice USN-3132-1
Posted Nov 22, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3132-1 - Harry Sintonen discovered that tar incorrectly handled extracting files when path names are specified on the command line. If a user or automated system were tricked into processing a specially crafted archive, an attacker could possibly overwrite arbitrary files.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-6321
SHA-256 | 82a69e51a38cce1aed5947f726654c16554c637877b98ca50d8794a1d1ad0663
Gentoo Linux Security Advisory 201611-20
Posted Nov 22, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-20 - A buffer overflow in TestDisk might allow remote attackers to execute arbitrary code. Versions less than 7.0-r2 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
SHA-256 | dcdc93994e2a08593c7364a725d76d01ba45b80293d2feb7bd194282f907df0b
Gentoo Linux Security Advisory 201611-19
Posted Nov 22, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-19 - A path traversal attack in Tar may lead to the remote execution of arbitrary code. Versions less than 1.29-r1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2016-6321
SHA-256 | 61af9c3e2fef42cd67d49fe15711105155cf77af77c4e6aaa875cbb347291165
Gentoo Linux Security Advisory 201611-18
Posted Nov 22, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-18 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 23.0.0.207 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
SHA-256 | 25374cbf5545f7ef72ab04c1eb0309daf105a811087b8f8a8f20156f79f743b1
Gentoo Linux Security Advisory 201611-17
Posted Nov 22, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-17 - A buffer overflow in RPCBind might allow remote attackers to cause a Denial of Service. Versions less than 0.2.3-r1 are affected.

tags | advisory, remote, denial of service, overflow
systems | linux, gentoo
advisories | CVE-2015-7236
SHA-256 | afd05a0c233637b1e7809dcbcc7edbb1b672dd4a08a6ed63f1e333c2983b0d87
Page 2 of 9
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close