what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 40 RSS Feed

Files Date: 2015-06-10

Pandora FMS 5.0 / 5.1 Authentication Bypass
Posted Jun 10, 2015
Authored by A. Tsvetkov, Manuel Mancera

Pandora FMS versions 5.0 and 5.1 suffer from an authentication bypass vulnerability.

tags | exploit, bypass
SHA-256 | 101abb232873cca16dc19d18de85b3977b7db101c7823334f4b70fcada3423a8
Red Hat Security Advisory 2015-1086-01
Posted Jun 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1086-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2015-3096, CVE-2015-3098, CVE-2015-3099, CVE-2015-3100, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108
SHA-256 | db83beac5fe93d8aefca50eb522e34464a8b354f0e56501cf40abcb40932e378
Ubuntu Security Notice USN-2630-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2630-1 - Matt Tait discovered that QEMU incorrectly handled the virtual PCNET driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Kurt Seifried discovered that QEMU incorrectly handled certain temporary files. A local attacker could use this issue to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2015-3209, CVE-2015-4037, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106
SHA-256 | 0cf8d12b43821d761977856e4b4c7a6239ab8e88288255906bfafed04c494023
Ubuntu Security Notice USN-2638-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2638-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-0275, CVE-2015-3636, CVE-2015-4036
SHA-256 | 6942662bbc2cf4e39a28196fa2be2e88a0c52615e70e44cc00752fd789290733
Ubuntu Security Notice USN-2633-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2633-1 - Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3636, CVE-2015-4036
SHA-256 | 94a979aa18d5d19f77e0fd9139085db8fede248b5ca99633d3dd5e43fb0d843c
Ubuntu Security Notice USN-2637-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2637-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-0275, CVE-2015-3636
SHA-256 | 4e1e1f887e80da6543fabb8678249142a514c1579b76e665fb11950144e98f67
Ubuntu Security Notice USN-2635-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2635-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-0275, CVE-2015-3636
SHA-256 | 8eb3f8978ff14d623d6e1288082230f137fbcf13c00e7e4162587e2623df9b8f
Ubuntu Security Notice USN-2634-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2634-1 - Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. A memory corruption flaw was discovered in the Linux kernel's scsi subsystem. A local attacker could potentially exploit this flaw to cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-3636, CVE-2015-4036
SHA-256 | 21a8fca232d6d70cebc3cfa7f141aba457f6c73dbbdf9dd206b248bfe0e4c097
Ubuntu Security Notice USN-2632-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2632-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2830, CVE-2015-3331, CVE-2015-3636, CVE-2015-4167
SHA-256 | 3ebb55213318d601853a12f0808728a6b4ce09f74d102780213ab5e5f49f8627
Ubuntu Security Notice USN-2631-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2631-1 - Jan Beulich discovered the Xen virtual machine subsystem of the Linux kernel did not properly restrict access to PCI command registers. A local guest user could exploit this flaw to cause a denial of service (host crash). A privilege escalation was discovered in the fork syscall via the int80 entry on 64 bit kernels with 32 bit emulation support. An unprivileged local attacker could exploit this flaw to increase their privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-2150, CVE-2015-2830, CVE-2015-3331, CVE-2015-3636, CVE-2015-4167
SHA-256 | dcf2ecac03d8b8b31c3d14dee7a678bcbea7092733daae8ed72b7b8b585b517f
Ubuntu Security Notice USN-2636-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2636-1 - Xiong Zhou discovered a bug in the way the EXT4 filesystem handles fallocate zero range functionality when the page size is greater than the block size. A local attacker could exploit this flaw to cause a denial of service (system crash). Wen Xu discovered a use-after-free flaw in the Linux kernel's ipv4 ping support. A local user could exploit this flaw to cause a denial of service (system crash) or gain administrative privileges on the system. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-0275, CVE-2015-3636, CVE-2015-4036
SHA-256 | 3be06843caf5c63588549fe3a96b94810645e9d0efc26779131f51e2c0c64f64
Red Hat Security Advisory 2015-1087-01
Posted Jun 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1087-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3209
SHA-256 | 0fe1945be6bf962325bee5e730727f5f8ea145f6c15adc6c7d73a550c9144439
Red Hat Security Advisory 2015-1089-01
Posted Jun 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1089-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3209
SHA-256 | b4c26c5ed1a0b3e115749608ddee7e1368cd77c7cb48bf24870a5399e75da672
Red Hat Security Advisory 2015-1088-01
Posted Jun 10, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1088-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled multi-TMD packets with a length above 4096 bytes. A privileged guest user in a guest with an AMD PCNet ethernet card enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2015-3209
SHA-256 | e096b5cda74de0e4008ee21cfe87fe2c036e2a6ffb12d3f0be5fd982807358d1
PHP 5.6.9 Use-After-Free
Posted Jun 10, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

High-Tech Bridge Security Research Lab discovered use-after-free vulnerability in a popular programming language PHP, which can be exploited to cause crash and possibly execute arbitrary code on the target system. The vulnerability resides within the 'spl_heap_object_free_storage()' PHP function when trying to dereference already freed memory. A local attacker can cause segmentation fault or possibly execute arbitrary code on the target system with privileges of webserver.

tags | exploit, arbitrary, local, php
SHA-256 | 97375f017fbc6339f20309d1873f364d4f4bb2e3171ae12a6883001f4efb66fc
ISPConfig 3.0.5.4p6 SQL Injection / Cross Site Request Forgery
Posted Jun 10, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

ISPConfig version 3.0.5.4p6 suffers from cross site request forgery and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
advisories | CVE-2015-4118, CVE-2015-4119
SHA-256 | 7b20edde24f0f1fb2d963049457764c5312fb3b6037c0261c180f81ce8d63252
Bonita BPM 6.5.1 Directory Traversal / Open Redirect
Posted Jun 10, 2015
Authored by High-Tech Bridge SA | Site htbridge.com

Bonita BPM version 6.5.1 suffers from open redirect and directory traversal vulnerabilities.

tags | exploit, vulnerability, file inclusion
advisories | CVE-2015-3897, CVE-2015-3898
SHA-256 | 318aebbb7238bd95d83a383ed6cec374ab8164e93742363befdec484d42c0016
Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery
Posted Jun 10, 2015
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request forgery attacks. This allows specially crafted web pages to change the switch configuration and create users, if an administrator accesses the website while being authenticated in the management web interface.

tags | exploit, web, csrf
advisories | CVE-2015-2805
SHA-256 | ebb5b0b74f92ebf4cf2025ae52d59a24ba40fc8487415190d9d0bd7efdc814ad
Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
Posted Jun 10, 2015
Site redteam-pentesting.de

During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate as a currently logged-in user and perform administrative tasks.

tags | exploit, web
advisories | CVE-2015-2804
SHA-256 | 81e6be2bf4112b23f31a9a4eb65f9147c563e93f5117e6190c5f3a95354f3823
Elasticsearch 1.5.2 File Creation
Posted Jun 10, 2015
Authored by Kevin Kluge

Elasticsearch versions 1.0.0 through 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to create a file that another application could read and take action on, such as code execution.

tags | advisory, code execution
advisories | CVE-2015-4165
SHA-256 | 40fbbad63203d51d9594c5a223b36155c3bc025496d567a1cd717891d12e5525
Logstash 1.4.2 Directory Traversal
Posted Jun 10, 2015
Authored by Kevin Kluge

Logstash versions 1.4.2 and prior are vulnerable to a directory traversal attack that allows an attacker to overwrite files on the server running Logstash.

tags | advisory, file inclusion
advisories | CVE-2015-4152
SHA-256 | 15f05c723e1b04d767214a61d1c74ca2c6761f51c75c29b5564d9ff5525fe92f
Kibana 4.0.2 Cross Site Scripting
Posted Jun 10, 2015
Authored by Kevin Kluge

Kibana versions 4.0.0, 4.0.1, and 4.0.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2015-4093
SHA-256 | 49c7e5c94dc36f2240b1ab23d6ffcbb9873f9a1280b585195865fccb340cad36
HP Security Bulletin HPSBUX03341 SSRT102068 1
Posted Jun 10, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03341 SSRT102068 1 - Potential security vulnerabilities have been identified with the HP-UX Tomcat Servlet Engine. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-0227
SHA-256 | 27c4a14678f484ed9939574e552c6be1866f9f3fde8c488f6d223027bfe42693
Debian Security Advisory 3283-1
Posted Jun 10, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3283-1 - It was discovered that CUPS, the Common UNIX Printing System, is vulnerable to a remotely triggerable privilege escalation via cross-site scripting and bad print job submission used to replace cupsd.conf on the CUPS server.

tags | advisory, xss
systems | linux, unix, debian
advisories | CVE-2015-1158, CVE-2015-1159
SHA-256 | 4bb1f8f597ffb70d92f9dbd9bb3ce6a9a6d999bdf0da483f77b50b2026719800
Ubuntu Security Notice USN-2629-1
Posted Jun 10, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2629-1 - It was discovered that CUPS incorrectly handled reference counting when handling localized strings. A remote attacker could use this issue to escalate permissions, upload a replacement CUPS configuration file, and execute arbitrary code. It was discovered that the CUPS templating engine contained a cross-site scripting issue. A remote attacker could use this issue to bypass default configuration settings. Various other issues were also addressed.

tags | advisory, remote, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2015-1158, CVE-2015-1159
SHA-256 | 03f971a061a4371443052c07993058ec10e7014c262199ef78bfd21952540544
Page 1 of 2
Back12Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    19 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close