Twenty Year Anniversary
Showing 1 - 25 of 40 RSS Feed

Files Date: 2015-06-10

Pandora FMS 5.0 / 5.1 Authentication Bypass
Posted Jun 10, 2015
Authored by A. Tsvetkov, Manuel Mancera

Pandora FMS versions 5.0 and 5.1 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
MD5 | 6d37f52390af844503b8487747e66f75
Red Hat Security Advisory 2015-1086-01
Posted Jun 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1086-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2015-3096, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108
MD5 | afdd7e953cd00b4ba0938cc04bb1ede6
Ubuntu Security Notice USN-2630-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2630-1 - Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Kurt Seifried discovered that QEMU incorrectly handled certain temporary files. A local attacker could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-3209, CVE-2015-4037, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106
MD5 | 31c0c430eecc5ebaacd99790a835bcc7
Ubuntu Security Notice USN-2638-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2638-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-0275, CVE-2015-3636, CVE-2015-4036
MD5 | ab8de6f031e35cba4fa980f5d17dfc2a
Ubuntu Security Notice USN-2633-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2633-1 - Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3636, CVE-2015-4036
MD5 | e546ea2e32684af44394085e7c392187
Ubuntu Security Notice USN-2637-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2637-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-0275, CVE-2015-3636
MD5 | e2011427b39538ee07a0e881837345c8
Ubuntu Security Notice USN-2635-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2635-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-0275, CVE-2015-3636
MD5 | ad9fff787b7217fa8705b39c618ea7d6
Ubuntu Security Notice USN-2634-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2634-1 - Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3636, CVE-2015-4036
MD5 | 3f2a460977abf2e1cac9ba320e4b5d81
Ubuntu Security Notice USN-2632-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2632-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2830, CVE-2015-3331, CVE-2015-3636, CVE-2015-4167
MD5 | 082ba2b887c6e0e23381acdc6a9d54fc
Ubuntu Security Notice USN-2631-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2631-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2830, CVE-2015-3331, CVE-2015-3636, CVE-2015-4167
MD5 | d8b7b69612ee9fb1d4df8c4cbf76f90e
Ubuntu Security Notice USN-2636-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2636-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-0275, CVE-2015-3636, CVE-2015-4036
MD5 | 36a03c8cc4e4caa15e834311c2a953e2
Red Hat Security Advisory 2015-1087-01
Posted Jun 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1087-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3209
MD5 | 6d6b4f97ff465b2f9202aa3cf0325beb
Red Hat Security Advisory 2015-1089-01
Posted Jun 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1089-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3209
MD5 | e523c01f3a9b83ab76627e835189db3a
Red Hat Security Advisory 2015-1088-01
Posted Jun 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1088-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3209
MD5 | 1d15bb527036b34335d73ce7dc391d63
PHP 5.6.9 Use-After-Free
Posted Jun 10, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

High-Tech Bridge Security Research Lab discovered use-after-free vulnerability in a popular programming language PHP, which can be exploited to cause crash and possibly execute arbitrary code on the target system. The vulnerability resides within the 'spl_heap_object_free_storage()' PHP function when trying to dereference already freed memory. A local attacker can cause segmentation fault or possibly execute arbitrary code on the target system with privileges of webserver.

tags | exploit, arbitrary, local, php
MD5 | 0ad5ac60e7fbf0d834edfed166777e4a
ISPConfig 3.0.5.4p6 SQL Injection / Cross Site Request Forgery
Posted Jun 10, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

ISPConfig version 3.0.5.4p6 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2015-4118, CVE-2015-4119
MD5 | 99a317d5fab09edcd8d4faac13d73012
Bonita BPM 6.5.1 Directory Traversal / Open Redirect
Posted Jun 10, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Bonita BPM version 6.5.1 suffers from open redirect and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
advisories | CVE-2015-3897, CVE-2015-3898
MD5 | 9028b9ed46c1963e2a4583bff185c749
Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery
Posted Jun 10, 2015
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request forgery attacks. This allows specially crafted web pages to change the switch configuration and create users, if an administrator accesses the website while being authenticated in the management web interface.

tags | exploit, web, csrf
advisories | CVE-2015-2805
MD5 | 9cd7f306e313c76510fa3f709212510d
Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
Posted Jun 10, 2015
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate as a currently logged-in user and perform administrative tasks.

tags | exploit, web
advisories | CVE-2015-2804
MD5 | 68ca60148b0f9b65f29ff9107c2d34cd
Elasticsearch 1.5.2 File Creation
Posted Jun 10, 2015
Authored by Kevin Kluge

Elasticsearch versions 1.0.0 through 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to create a file that another application could read and take action on, such as code execution.

tags | advisory, code execution
advisories | CVE-2015-4165
MD5 | d07b5523df7a542dabb81e2f2754dfd1
Logstash 1.4.2 Directory Traversal
Posted Jun 10, 2015
Authored by Kevin Kluge

Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to overwrite files on the server running Logstash.

tags | advisory, file inclusion
advisories | CVE-2015-4152
MD5 | 569947c0460c4ce16f56b28e82aa0030
Kibana 4.0.2 Cross Site Scripting
Posted Jun 10, 2015
Authored by Kevin Kluge

Kibana versions 4.0.0, 4.0.1, and 4.0.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-4093
MD5 | 62149ab8e82f98da762360c4cbdd0526
HP Security Bulletin HPSBUX03341 SSRT102068 1
Posted Jun 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03341 SSRT102068 1 - Potential security vulnerabilities have been identified with the HP-UX Tomcat Servlet Engine. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-0227
MD5 | 714866db0b9b56cea736db8e0bb86e32
Debian Security Advisory 3283-1
Posted Jun 10, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3283-1 - It was discovered that CUPS, the Common UNIX Printing System, is vulnerable to a remotely triggerable privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on the CUPS server.

tags | advisory, xss
systems | linux, unix, debian
advisories | CVE-2015-1158, CVE-2015-1159
MD5 | 72f4bf97d20adc240eccafb378df5286
Ubuntu Security Notice USN-2629-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2629-1 - It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. It was discovered that the CUPS templating engine contained a cross-site scripting issue. A remote attacker could use this issue to bypass default configuration settings. Various other issues were also addressed.

tags | advisory, remote, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2015-1158, CVE-2015-1159
MD5 | 8a27d32b0675fef434ca8fac6fff0992
Page 1 of 2
Back12Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    9 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close