seeing is believing
Showing 1 - 20 of 20 RSS Feed

Files Date: 2015-08-13

OpenSSH 6.9p1 Authentication Bypass / Use-After-Free
Posted Aug 13, 2015
Authored by Moritz Jodeit | Site bluefrostsecurity.de

OpenSSH versions 6.9p1 and below suffer from PAM related authentication bypass and use-after-free vulnerabilities.

tags | advisory, vulnerability
MD5 | 8248389ce15df7f00afb82bc45a727ca
Nuance PowerPDF Advanced 1.0 / 1.1 Information Disclosure
Posted Aug 13, 2015
Authored by Christopher Hudel

Nuance PowerPDF Advanced versions 1.0 and 1.1 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
MD5 | e3f107d40e73cd86a31fed3ab1380061
Enorth Webpublisher CMS SQL Injection
Posted Aug 13, 2015
Authored by xin.wang

Enorth Webpublisher CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2015-5617
MD5 | 16ec67887dabd6958470c94b64122b63
Apple Security Advisory 2015-08-13-4
Posted Aug 13, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-08-13-4 - OS X Server v4.1.5 is now available and addresses a BIND related denial of service vulnerability.

tags | advisory, denial of service
systems | apple, osx
advisories | CVE-2015-5477
MD5 | 8e797c7b85aba77343d820013d686ddf
Apple Security Advisory 2015-08-13-3
Posted Aug 13, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-08-13-3 - iOS 8.4.1 is now available and addresses vulnerabilities in the afc command, AirTraffic, symlinks, and more.

tags | advisory, vulnerability
systems | cisco, apple, ios
advisories | CVE-2012-6685, CVE-2014-0191, CVE-2014-3660, CVE-2015-3729, CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3750, CVE-2015-3751, CVE-2015-3752, CVE-2015-3753
MD5 | d8cda17ac9c0eee598e2d4b3e5228f71
Apple Security Advisory 2015-08-13-2
Posted Aug 13, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-08-13-2 - OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIController, and more.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2009-5044, CVE-2009-5078, CVE-2012-6685, CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2013-7040, CVE-2013-7338, CVE-2013-7422, CVE-2014-0067, CVE-2014-0106, CVE-2014-0191, CVE-2014-1912, CVE-2014-3581, CVE-2014-3583, CVE-2014-3613, CVE-2014-3620, CVE-2014-3660, CVE-2014-3707, CVE-2014-7185, CVE-2014-7844, CVE-2014-8109, CVE-2014-8150, CVE-2014-8151, CVE-2014-8161, CVE-2014-8767, CVE-2014-8769
MD5 | 4a5d37a22b2a5dc65f8821a63540e1c6
Apple Security Advisory 2015-08-13-1
Posted Aug 13, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-08-13-1 - Safari 8.0.8, Safari 7.1.8, and Safari 6.2.8 is now available and addresses interface spoofing, arbitrary code execution, and various other vulnerabilities.

tags | advisory, arbitrary, spoof, vulnerability, code execution
systems | apple
advisories | CVE-2015-3729, CVE-2015-3730, CVE-2015-3731, CVE-2015-3732, CVE-2015-3733, CVE-2015-3734, CVE-2015-3735, CVE-2015-3736, CVE-2015-3737, CVE-2015-3738, CVE-2015-3739, CVE-2015-3740, CVE-2015-3741, CVE-2015-3742, CVE-2015-3743, CVE-2015-3744, CVE-2015-3745, CVE-2015-3746, CVE-2015-3747, CVE-2015-3748, CVE-2015-3749, CVE-2015-3750, CVE-2015-3751, CVE-2015-3752, CVE-2015-3753, CVE-2015-3754, CVE-2015-3755
MD5 | 54e34db5857a3e2b16149fb16bf2221b
Red Hat Security Advisory 2015-1623-01
Posted Aug 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1623-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality.

tags | advisory, remote, denial of service, kernel, udp
systems | linux, redhat
advisories | CVE-2015-5364, CVE-2015-5366
MD5 | dbae227cae6c20fb692d59aa3cdb8e62
Red Hat Security Advisory 2015-1622-01
Posted Aug 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1622-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2014-0230, CVE-2014-7810
MD5 | c652dacb7693c7f0378317984d464d07
Red Hat Security Advisory 2015-1621-01
Posted Aug 13, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1621-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2014-0230, CVE-2014-7810
MD5 | 5b1af58d7d85edd044c69a154598ac47
HP Security Bulletin HPSBGN03393 1
Posted Aug 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03393 1 - A potential security vulnerability has been identified with HP Operations Manager i (OMi) running on Linux and Windows. The vulnerability could be exploited remotely to execute code. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2015-2137
MD5 | 5a5739dc56014c07fdea2bff5cbd441f
HP Security Bulletin HPSBGN03386 1
Posted Aug 13, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03386 1 - A potential security vulnerability has been identified with HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, and Subscription Fraud Prevention. The vulnerabilities could be exploited remotely and locally to allow disclosure of information. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-5406, CVE-2015-5407, CVE-2015-5408
MD5 | f354834f1eb96c577cabb02bc91bc91c
Debian Security Advisory 3335-1
Posted Aug 13, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3335-1 - It was discovered that Request Tracker, an extensible trouble-ticket tracking system is susceptible to a cross-site scripting attack via the user an group rights management pages and via the cryptography interface, allowing an attacker with a carefully-crafted key to inject JavaScript into RT's user interface. Installations which use neither GnuPG nor S/MIME are unaffected by the second cross-site scripting vulnerability.

tags | advisory, javascript, xss
systems | linux, debian
advisories | CVE-2015-5475
MD5 | df60ed0b4d5e91fd9ef665f132c7cbb2
SAP Security Notes August 2015
Posted Aug 13, 2015
Authored by Dmitry Chastuhin, Vahagn Vardanyan, Roman Bejan

SAP has released the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products, 15 have high priority, some of them belong to the SAP HANA security area. The most popular vulnerability is cross site scripting.

tags | advisory, vulnerability, xss
MD5 | bbe411ea9ffbae20b77595363cfee9f1
Cisco Unified Communications Manager Command Execution
Posted Aug 13, 2015
Authored by Bernhard Mueller

Cisco Unified Communications Manager versions prior to 11.0.1, 10.5.2, and 9.2 suffer from multiple command execution vulnerabilities.

tags | exploit, vulnerability, file inclusion
systems | cisco
advisories | CVE-2014-6271
MD5 | 087de88cbc5124421a285bf18e1d7595
TOTOLink Backdoor Persistence
Posted Aug 13, 2015
Authored by Pierre Kim

Although they have provided an image with it disabled on start up, TOTOLink routers still have a backdoor built into them.

tags | advisory
MD5 | 7dfd03389aec52abd9ffabdddb197959
Zend Framework 2.4.2 / 1.12.13 XXE Injection
Posted Aug 13, 2015
Authored by Dawid Golunski

Zend Framework versions 2.4.2 and below and 1.12.13 and below suffer from an XML external entity injection vulnerability.

tags | exploit
advisories | CVE-2015-5161
MD5 | 6aa1557fd5cb4c0b8c6ab8c1cb6103fd
Wireshark Analyzer 1.12.7
Posted Aug 13, 2015
Authored by Gerald Combs | Site wireshark.org

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.

Changes: Multiple bug fixes and updates.
tags | tool, sniffer, protocol
systems | windows, unix
MD5 | c8ae53f648b1dcbf6e74495401a0f1ab
NetRipper Smart Traffic Sniffer
Posted Aug 13, 2015
Authored by Ionut Popescu

NetRipper is a post exploitation tool targeting Windows systems which uses API hooking in order to intercept network traffic and encryption related functions from a low privileged user, being able to capture both plain-text traffic and encrypted traffic before encryption/after decryption.

tags | tool, sniffer
systems | windows
MD5 | 6c18d902400de5229d49489881b09e04
OpenSSH 7.0p1
Posted Aug 13, 2015
Authored by Damien Miller | Site openssh.com

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

Changes: This is primarily a bugfix release.
tags | tool, encryption
systems | linux, unix, openbsd
MD5 | 831883f251ac34f0ab9c812acc24ee69
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    6 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close