
Files

Microsoft Security Bulletin Revision Increment For December, 2016
Posted Dec 19, 2016
Site microsoft.com

This bulletin summary lists one bulletin that has undergone a major revision increment.

tags | advisory
SHA-256 | ff6225bec8950ff72d45bce6368a1eaa607641403cd731d14c1aba300f276222
Glype 1.4.4 Access Bypass
Posted Dec 19, 2016
Authored by Celso Bento

A vulnerability exists in the hotlinking feature of Glype, on all versions, that allows a bypass and makes it possible to link directly to proxified files or develop applications that integrate direct linking into the URL. Affects version 1.4.4.

tags | advisory
SHA-256 | d55fbea987eb4347de12abe19f1c01e146547b622100b21be3e43aed9be160f3
Debian Security Advisory 3738-1
Posted Dec 18, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3738-1 - Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.

tags | advisory, remote, vulnerability, code execution, info disclosure
systems | linux, debian
advisories | CVE-2016-6816, CVE-2016-8735, CVE-2016-9774, CVE-2016-9775
SHA-256 | 8028bec437fa228aa9afd33369c757ee09d5b8098a5f487ad4cc3e28b24b9e87
Ubuntu Security Notice USN-3156-2
Posted Dec 18, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3156-2 - USN-3156-1 fixed vulnerabilities in APT. It also caused a bug in unattended-upgrades on that may require manual intervention to repair.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 3ccfa4f246d10d8becb045b90746c21c40ffba281ba92bc8d5f3f13fcc263720
Red Hat Security Advisory 2016-2957-01
Posted Dec 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2957-01 - This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. Security Fix: This update fixes several flaws in OpenSSL.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2012-1148, CVE-2014-3523, CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3185, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109
SHA-256 | 74baff33a674c45e41ccf55a650db1510528f79d7721465b4047850b17a58f49
Red Hat Security Advisory 2016-2956-01
Posted Dec 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2956-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request.

tags | advisory, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2016-9579
SHA-256 | c8a05cde7c6f1586273c7e868a954241268127f0dd2cbbf430b8e15b13d530b3
HP Security Bulletin HPSBMU03684 1
Posted Dec 16, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03684 1 - Several potential security vulnerabilities have been identified in HPE Version Control Repository Manager (VCRM) on Windows and Linux. The vulnerabilities could be exploited remotely resulting in Cross-Site Request Forgery, Sensitive Information Disclosure, and Malicious File Upload. Revision 1 of this advisory.

tags | advisory, vulnerability, info disclosure, file upload, csrf
systems | linux, windows
advisories | CVE-2016-8513, CVE-2016-8514, CVE-2016-8515
SHA-256 | db2efcf43ac141cfad7af6e6fed3070765b60681b11cc72b5ded4b70a32c2bca
Debian Security Advisory 3736-1
Posted Dec 16, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3736-1 - Two vulnerabilities were discovered in libupnp, a portable SDK for UPnP devices.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-6255, CVE-2016-8863
SHA-256 | 8b202cd7bbbe68db611c87ae37568f6c65a5c227e9e4303cedb683e9db82a0fa
Red Hat Security Advisory 2016-2954-01
Posted Dec 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2954-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request.

tags | advisory, remote, web, denial of service
systems | linux, redhat
advisories | CVE-2016-9579
SHA-256 | ffd0f1050a7ef1b3a4d10d63d30d6f88aea60a0a3de72d704468901724023708
Microsoft Windows Type 1 Font Processing Privilege Escalation
Posted Dec 15, 2016
Authored by Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an error within win32k.sys when processing Type 1 fonts, which can be exploited to trigger a NULL pointer dereference and subsequently cause a kernel crash or gain elevated privileges via a specially crafted PFB font. The vulnerability is confirmed on a fully patched Windows 7 Professional (win32k.sys version 6.1.7601.23545).

tags | advisory, denial of service, kernel, local
systems | windows
advisories | CVE-2016-7259
SHA-256 | b6b7d487b13f5974b1d680b4b3cd014162b94a54fd298adb9eb15a3d0cdaa57b
Red Hat Security Advisory 2016-2947-01
Posted Dec 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2947-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 24.0.0.186. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-7867, CVE-2016-7868, CVE-2016-7869, CVE-2016-7870, CVE-2016-7871, CVE-2016-7872, CVE-2016-7873, CVE-2016-7874, CVE-2016-7875, CVE-2016-7876, CVE-2016-7877, CVE-2016-7878, CVE-2016-7879, CVE-2016-7880, CVE-2016-7881, CVE-2016-7890, CVE-2016-7892
SHA-256 | 765e02f69a22614cfe6c1db7a564eceac91ddaea0e1e48d6b0cd4801bab8b049
Red Hat Security Advisory 2016-2946-01
Posted Dec 15, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2946-01 - Mozilla Firefox is an open source web browser. This update upgrades Firefox to version 45.6.0 ESR. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-9893, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905
SHA-256 | 84564515b5f9d776044d365d809f99f157eb14f3275091f7c8501626652858c4
Slackware Security Advisory - mozilla-firefox Updates
Posted Dec 15, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 451a308e892803e82049bb6bb16dcbbd6e04a3ce93d7ae62bb47904915c48897
Ubuntu Security Notice USN-3157-1
Posted Dec 15, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3157-1 - Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as Python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Donncha O Cearbhaill discovered that Apport did not properly sanitize the Package and SourcePackage fields in crash files before processing package-specific hooks. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. Various other issues were also addressed.

tags | advisory, arbitrary, python
systems | linux, ubuntu
advisories | CVE-2016-9949, CVE-2016-9950, CVE-2016-9951
SHA-256 | a6a736e2e12ac1c6250ab44dd7b1b96530916ecd5f2b440dec573008e9c757d8
Apple Security Advisory 2016-12-13-8
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-8 - Transporter 1.9.2 is now available and addresses an information disclosure vulnerability.

tags | advisory, info disclosure
systems | apple
advisories | CVE-2016-7666
SHA-256 | a15c7b8671a1b605dfb13cba0b47053d45b9312355517a08c8952b2087599eda
Apple Security Advisory 2016-12-13-7
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-7 - This advisory provides additional information regarding watchOS 3.1.1 fixes as originally documented in APPLE-SA-2016-12-12-2.

tags | advisory
systems | apple
advisories | CVE-2016-4688, CVE-2016-4691, CVE-2016-4693, CVE-2016-7588, CVE-2016-7589, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7606, CVE-2016-7607, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7619, CVE-2016-7621, CVE-2016-7626, CVE-2016-7627, CVE-2016-7636, CVE-2016-7637, CVE-2016-7643, CVE-2016-7644, CVE-2016-7651, CVE-2016-7657, CVE-2016-7658, CVE-2016-7659, CVE-2016-7660, CVE-2016-7662, CVE-2016-7663
SHA-256 | 1e75ac1d7e84337d43fda5523d2559c90e0014064b306b2c2c06c43e2fb37d94
Apple Security Advisory 2016-12-13-4
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-4 - iCloud for Windows v6.1 is now available and addresses memory corruption, arbitrary code execution, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | windows, apple
advisories | CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7614, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656
SHA-256 | f9f2e0e3cd17cfbd20fb428973c02abebf6c74592c089a643061a74e1f8412a4
Apple Security Advisory 2016-12-13-5
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-5 - This advisory provides additional information regarding iOS 10.2 fixes as originally documented in APPLE-SA-2016-12-12-1.

tags | advisory
systems | cisco, apple, ios
advisories | CVE-2016-4688, CVE-2016-4689, CVE-2016-4690, CVE-2016-4691, CVE-2016-4692, CVE-2016-4693, CVE-2016-4743, CVE-2016-4781, CVE-2016-7586, CVE-2016-7587, CVE-2016-7588, CVE-2016-7589, CVE-2016-7591, CVE-2016-7592, CVE-2016-7594, CVE-2016-7595, CVE-2016-7597, CVE-2016-7598, CVE-2016-7599, CVE-2016-7601, CVE-2016-7606, CVE-2016-7607, CVE-2016-7610, CVE-2016-7611, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7619
SHA-256 | c76b2facaf88977456f7443e4116d5d542dddbae7939376c8c47ecf19fcff957
Apple Security Advisory 2016-12-13-6
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-6 - This advisory provides additional information regarding tvOS 10.1 fixes as originally documented in APPLE-SA-2016-12-12-3.

tags | advisory
systems | apple
advisories | CVE-2016-4688, CVE-2016-4691, CVE-2016-4692, CVE-2016-4693, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7588, CVE-2016-7589, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7598, CVE-2016-7599, CVE-2016-7606, CVE-2016-7607, CVE-2016-7610, CVE-2016-7611, CVE-2016-7612, CVE-2016-7615, CVE-2016-7616, CVE-2016-7619, CVE-2016-7621, CVE-2016-7626, CVE-2016-7627, CVE-2016-7632, CVE-2016-7635, CVE-2016-7636
SHA-256 | 29a768aaf01478b8d97cab781144a949c5f45c52011168e14464b7f343949ef0
Apple Security Advisory 2016-12-13-3
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-3 - iTunes 12.5.4 is now available and addresses memory corruption, arbitrary code execution, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656
SHA-256 | 407486bf89d0f2e73b35a0728f1320d49145c9383f340da1734d4a06a1e90a34
Apple Security Advisory 2016-12-13-2
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-2 - Safari 10.0.2 is now available and addresses cross site scripting, arbitrary code execution, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution, xss
systems | apple
advisories | CVE-2016-4692, CVE-2016-4743, CVE-2016-7586, CVE-2016-7587, CVE-2016-7589, CVE-2016-7592, CVE-2016-7598, CVE-2016-7599, CVE-2016-7610, CVE-2016-7611, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7640, CVE-2016-7641, CVE-2016-7642, CVE-2016-7645, CVE-2016-7646, CVE-2016-7648, CVE-2016-7649, CVE-2016-7650, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656
SHA-256 | 986fc3ac166c04825882fb3e3f511652563a6bd564900b0b853d90834b050dff
Apple Security Advisory 2016-12-13-1
Posted Dec 14, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-12-13-1 - macOS 10.12.2 is now available and addresses arbitrary code execution, denial of service, and various other vulnerabilities.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | apple
advisories | CVE-2016-1777, CVE-2016-1823, CVE-2016-4688, CVE-2016-4691, CVE-2016-4693, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-6303, CVE-2016-6304, CVE-2016-7141, CVE-2016-7167, CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418, CVE-2016-7588, CVE-2016-7591, CVE-2016-7594, CVE-2016-7595, CVE-2016-7596, CVE-2016-7600, CVE-2016-7602, CVE-2016-7603, CVE-2016-7604
SHA-256 | 68bf50743be919151d9547b2351d633298a9bfe57d7160fac7541f89315f5b98
Ubuntu Security Notice USN-3155-1
Posted Dec 14, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3155-1 - Multiple security vulnerabilities were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, obtain sensitive information, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2016-9080, CVE-2016-9893, CVE-2016-9894, CVE-2016-9895, CVE-2016-9896, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9903, CVE-2016-9904
SHA-256 | b6364d5c8c628bdd3dd607dcd630f92aac73f757ae6bad2d66a2c640a03b6bf8
Red Hat Security Advisory 2016-2945-01
Posted Dec 14, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2945-01 - Red Hat Single Sign-On 7.0 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for Red Hat Single Sign-On 7.0. Security Fix: It was found that Keycloak did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.

tags | advisory, web, info disclosure
systems | linux, redhat
advisories | CVE-2016-8609
SHA-256 | bbad4c80114dd4575132480519035b653d18cbdfd472eef285d492efc8e3fa92
Ubuntu Security Notice USN-3156-1
Posted Dec 14, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3156-1 - Jann Horn discovered that APT incorrectly handled InRelease files. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-1252
SHA-256 | b7eb80c0b70482b71b386b58b45e73716f7e3508503ad770ba34c88879d48914

© 2022 Packet Storm. All rights reserved.
