Files Date: 2015-11-01 to 2015-11-30

CoreMail XT3.0 Cross Site Scripting
Posted Nov 29, 2015
Authored by shack.li

CoreMail version XT3.0 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-6942
MD5 | 361acb7ca2a38931a9de0f0d2426e0a6
Packet Fence 5.5.1
Posted Nov 28, 2015
Site packetfence.org

PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.

Changes: Various fixes and updates.
tags | tool, remote
systems | unix
MD5 | 753038d30029039ded0767b7add5259f
MyCustomers 1.3.873 SQL Injection
Posted Nov 28, 2015
Authored by T3NZOG4N, Mojtaba MobhaM

MyCustomers version 1.3.873 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | bfad2302469191df5a93dfdf9932c399
WEBONE 14 Cross Site Scripting
Posted Nov 28, 2015
Authored by T3NZOG4N, Mojtaba MobhaM

WEBONE CMS version 14 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e5d423fe70e96cbbf046f03703534e5d
Mind Wave Softwares 1.2 SQL Injection
Posted Nov 28, 2015
Authored by T3NZOG4N, Mojtaba MobhaM

Mind Wave Softwares version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 656afe9dd7591baa0c9e83b7a44c880e
Visual Paradigm Server 10.0 Cross Site Scripting
Posted Nov 27, 2015
Authored by Manuel Mancera

Visual Paradigm Server version 10.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e73763c29114d3906a45e2af827e569b
Red Hat Security Advisory 2015-2517-01
Posted Nov 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2517-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
MD5 | 8ca7828726ccafd0284b76ef659e15a6
Red Hat Security Advisory 2015-2516-01
Posted Nov 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2516-01 - Apache Commons Collections is a library built upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2015-7501
MD5 | 2ff98908481157b3d767128b7c16d04c
Red Hat Security Advisory 2015-2515-01
Posted Nov 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2515-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.

tags | advisory, remote, arbitrary
systems | linux, redhat
MD5 | 92603867f8ae71c2b9527a995b6b7afb
Debian Security Advisory 3404-1
Posted Nov 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3404-1 - Ryan Butterfield discovered a vulnerability in the date template filter in python-django, a high-level Python web development framework. A remote attacker can take advantage of this flaw to obtain any secret in the application's settings.

tags | advisory, remote, web, python
systems | linux, debian
advisories | CVE-2015-8213
MD5 | d88fd71d3211ddd5a510c9013e926ccc
Ubuntu Security Notice USN-2818-1
Posted Nov 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2818-1 - It was discovered that rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed. An attacker could use this to expose sensitive information or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-4871
MD5 | 5e228cb67945fe786a60acb4b8570d7d
HP Security Bulletin HPSBGN03523 1
Posted Nov 27, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03523 1 - A potential security vulnerability has been identified in HP Loadrunner Virtual Table Server that could be exploited remotely resulting in the execution of code. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-6857
MD5 | d5bbe9a4bd5b08c5740bcfbbf6008c4a
Ubuntu Security Notice USN-2820-1
Posted Nov 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2820-1 - Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, debian, ubuntu
advisories | CVE-2015-0860
MD5 | 3e9cf1eb8dd0479116658a68800e106c
Debian Security Advisory 3407-1
Posted Nov 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3407-1 - Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb) in the old style Debian binary package format.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2015-0860
MD5 | f2a27348b5f9a4e0ddd79dd6b67a2aae
Red Hat Security Advisory 2015-2519-01
Posted Nov 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2519-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A same-origin policy bypass flaw was found in the way Thunderbird handled certain cross-origin resource sharing requests. A web page containing malicious content could cause Thunderbird to disclose sensitive information.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2015-4513, CVE-2015-7189, CVE-2015-7193, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
MD5 | 6bc1046a15b99db8952c14b22fa84adb
Red Hat Security Advisory 2015-2520-01
Posted Nov 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2520-01 - The Network Time Protocol is used to synchronize a computer's time with a referenced time source. It was discovered that ntpd as a client did not correctly check timestamps in Kiss-of-Death packets. A remote attacker could use this flaw to send a crafted Kiss-of-Death packet to an ntpd client that would increase the client's polling interval value, and effectively disable synchronization with the server.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-7704
MD5 | 2901ee3079f000fc7b23d245cdee413c
Debian Security Advisory 3405-1
Posted Nov 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3405-1 - Tero Marttila discovered that the Debian packaging for smokeping installed it in such a way that the CGI implementation of Apache httpd (mod_cgi) passed additional arguments to the smokeping_cgi program, potentially leading to arbitrary code execution in response to crafted HTTP requests.

tags | advisory, web, arbitrary, cgi, code execution
systems | linux, debian
advisories | CVE-2015-0859
MD5 | 5f22316348f6b9f7f665784709b9c550
Debian Security Advisory 3406-1
Posted Nov 27, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3406-1 - It was discovered that incorrect memory allocation in the NetScape Portable Runtime library might result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2015-7183
MD5 | 1caa2e1f4d34bccd8ca969134160f476
Red Hat Security Advisory 2015-2518-01
Posted Nov 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2518-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-4805, CVE-2015-4806, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4883, CVE-2015-4902, CVE-2015-4903
MD5 | 3b3d7230ab72682f45f88bdaf566deca
ProFTPd 1.3.5a Heap Overflow
Posted Nov 27, 2015
Authored by Nicholas Lemonias

ProFTPd version 1.3.5a suffers from heap overflow vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | ebb546df9609d5827f90fdfe2f5d1c6b
CIS Manager CMS 2015Q4 SQL Injection
Posted Nov 26, 2015
Authored by Sajjad Sotoudeh | Site vulnerability-lab.com

CIS Manager Content Management System 2015Q4 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 4cab6a8c11628061f8dbcffa84625609
Suricata IDPE 2.0.10
Posted Nov 25, 2015
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: A couple of bug fixes and one feature addition.
tags | tool, intrusion detection
systems | unix
MD5 | f840f008ea38d017b9ba2e90ef6baa0e
BisonWare BisonFTP Server 3.5 Buffer Overflow
Posted Nov 25, 2015
Authored by localh0t, Jay Turla, veerendragg | Site metasploit.com

BisonWare BisonFTP Server version 3.5 is prone to an overflow condition. This Metasploit module exploits a buffer overflow vulnerability in said application.

tags | exploit, overflow
advisories | CVE-1999-1510
MD5 | 5d283dedb9d3ab0d09f44d249431f062
EMC Isilon OneFS Privilege Escalation
Posted Nov 25, 2015
Site emc.com

EMC Isilon OneFS is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions include EMC Isilon OneFS 7.2.1.0, 7.2.0.0 through 7.2.0.2, 7.1.1.0 through 7.1.1.4, and 7.1.0.x.

tags | advisory
advisories | CVE-2015-6848
MD5 | a80a4221f375c000a76b5151881af9d8
Slackware Security Advisory - pcre Updates
Posted Nov 25, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New pcre packages are available for Slackware 14.1 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-3210
MD5 | 75078f084b2671b73919bf18ee546470
© 2016 Packet Storm. All rights reserved.