what you don't know can hurt you
Showing 1 - 21 of 21 RSS Feed

Files Date: 2016-01-11

Ubuntu Security Notice USN-2860-1
Posted Jan 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2860-1 - A race condition was discovered in the MutationObserver implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash, or execute arbitrary code with the privileges of the sandboxed render process. An issue was discovered with the page serializer in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to inject arbitrary script or HTML. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-6789, CVE-2015-6790, CVE-2015-6791, CVE-2015-8548, CVE-2015-8664
MD5 | c1283b991cded5d386f98b79520bed63
Amanda 3.3.1 Local Root Privilege Escalation
Posted Jan 11, 2016
Authored by Hacker Fantastic

Amanda version 3.3.1 suffers from a local root privilege escalation vulnerability via the setuid runtar binary.

tags | exploit, local, root
MD5 | daba55a5ef8673dfac8b757e463a496d
Linux Kernel overlayfs Local Privilege Escalation
Posted Jan 11, 2016
Authored by halfdog

This program demonstrates how to escalate privileges using an overlayfs mount within a user namespace.

tags | exploit
MD5 | cb6b4abeadb8fc888ce3a689c7f64f7c
360-FAAR Firewall Analysis Audit And Repair 0.5.2
Posted Jan 11, 2016
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: This release adds a vital omission from the last release where it now reads Cisco ASA configs with spaces at the start of lines. This release also backports Cisco ASA log parser snippets from SuperFAAR. Various other updates.
tags | tool, perl
systems | unix
MD5 | 332f5463356d02fb949201e670ace503
FireHOL 3.0.1
Posted Jan 11, 2016
Authored by Costa Tsaousis | Site firehol.org

FireHOL a simple yet powerful way to configure stateful iptables firewalls. It can be used for almost any purpose, including control of any number of internal/external/virtual interfaces, control of any combination of routed traffic, setting up DMZ routers and servers, and all kinds of NAT. It provides strong protection (flooding, spoofing, etc.), transparent caches, source MAC verification, blacklists, whitelists, and more. Its goal is to be completely abstracted and powerful but also easy to use, audit, and understand.

Changes: Added ipv6mld to simplify enabling Multicast Listener Discovery in FireHOL. Added pre_up to run commands immediately before an interface is started in VNetBuild. Various other improvements.
tags | tool, spoof, firewall
systems | linux, unix
MD5 | 1b458dd49cd249a45ba330ace516d053
Netgear 1.0.0.24 Bypass / Improper Session Management
Posted Jan 11, 2016
Authored by CSW Research Lab, Sathish Kumar

Netgear router version 1.0.0.24 with JNR1010 firmware suffers from improper session management and bypass vulnerabilities.

tags | exploit, vulnerability
MD5 | 62bc303858293284b97a06eba7aa2796
Netgear 1.0.0.24 Cross Site Request Forgery
Posted Jan 11, 2016
Authored by CSW Research Lab, Sathish Kumar

Netgear router version 1.0.0.24 with JNR1010 firmware suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 52d7f8317bef0318822caf57232b30e9
Red Hat Security Advisory 2016-0018-01
Posted Jan 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0018-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A flaw was discovered in the OpenStack Compute snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw only affects LVM or Ceph setups, or setups using filesystem storage with "use_cow_images = False".

tags | advisory
systems | linux, redhat
advisories | CVE-2015-7548
MD5 | 6b04af66529ddfe1b65a825f97de5cd5
Debian Security Advisory 3439-1
Posted Jan 11, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3439-1 - Two vulnerabilities were discovered in Prosody, a lightweight Jabber/XMPP server.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-1231, CVE-2016-1232
MD5 | 971b779f80ab7fa374a8dd6f0be76e89
Debian Security Advisory 3437-1
Posted Jan 11, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3437-1 - Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2015-7575
MD5 | 9a92610870bbe297daa464f56a2bbe1c
Debian Security Advisory 3438-1
Posted Jan 11, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3438-1 - It was discovered that unplugging one of the monitors in a multi-monitor setup can cause xscreensaver to crash. Someone with physical access to a machine could use this problem to bypass a locked session.

tags | advisory
systems | linux, debian
advisories | CVE-2015-8025
MD5 | d3f804fd5bd4788eaf39fb8a1deff04f
Debian Security Advisory 3436-1
Posted Jan 11, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3436-1 - Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct collision attacks to impersonate a TLS server or an authenticated TLS client.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2015-7575
MD5 | 30f85a8b15c66a6d0f3b673698a91040
Debian Security Advisory 3441-1
Posted Jan 11, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3441-1 - David Golden of MongoDB discovered that File::Spec::canonpath() in Perl returned untainted strings even if passed tainted input. This defect undermines taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2015-8607
MD5 | 460e34d4e28b918ef614612d5da1ced2
Debian Security Advisory 3440-1
Posted Jan 11, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3440-1 - When sudo is configured to allow a user to edit files under a directory that they can already write to without using sudo, they can actually edit (read and write) arbitrary files. Daniel Svartman reported that a configuration like this might be introduced unintentionally if the editable files are specified using wildcards, for example.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2015-5602
MD5 | ed048992bf96c07d4ccf17053aa06996
Red Hat Security Advisory 2016-0017-01
Posted Jan 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0017-01 - OpenStack Compute launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. A flaw was discovered in the OpenStack Compute snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw only affects LVM or Ceph setups, or setups using filesystem storage with "use_cow_images = False".

tags | advisory
systems | linux, redhat
advisories | CVE-2015-7548, CVE-2015-7713
MD5 | 85d9094ef5951f9ac85f155db99f5a64
GDCM 2.6.0 / 2.6.1 Out-Of-Bounds Read
Posted Jan 11, 2016
Authored by Stelios Tsampas

GDCM versions 2.6.0 and 2.6.1 suffer from an out-of-bounds read due to missing checks. The vulnerability occurs during the decoding of JPEG-LS images when the dimensions of the embedded JPEG-LS image (as specified in the JPEG headers) are smaller than the ones of the selected region (set by gdcm::ImageRegionReader::SetRegion and usually based on DICOM header values).

tags | advisory
advisories | CVE-2015-8397
MD5 | 03d0c328a0b9882494c1119a89eeb93c
GDCM 2.6.0 / 2.6.1 Integer Overflow
Posted Jan 11, 2016
Authored by Stelios Tsampas

GDCM versions 2.6.0 and 2.6.1 suffer from an integer overflow vulnerability which leads to a buffer overflow and potentially to remote code execution.

tags | advisory, remote, overflow, code execution
advisories | CVE-2015-8396
MD5 | 1035f88627d6ef386ef60b9176d4fb11
OpenBravo Hibernate HQL Injection
Posted Jan 11, 2016
Authored by Sam Ng

OpenBravo Hibernate suffers from a remote HQL injection vulnerability. Vendor has patched this in versions 3.0PR15Q3.4 and 3.0PR15Q4.1.

tags | exploit, remote
MD5 | 144d662dd33a36c7fab719c399569244
Dream Gallery 1.0 SQL Injection
Posted Jan 11, 2016
Authored by Felipe Andrian Peixoto

Dream Gallery version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b43435dbad8fed35ba11400e6f162f9d
Dolibarr 3.8.3 Cross Site Scripting
Posted Jan 11, 2016
Authored by Mickael Dorigny | Site synetis.com

Dolibarr version 3.8.3 suffers from a stored cross site scripting vulnerability.

tags | exploit, xss
MD5 | 06f1e26e3401e69cf528a8443feafb0e
WordPress JS External Link Info 1.21 Open Redirect
Posted Jan 11, 2016
Authored by Cloner-47

WordPress JS External Link Info plugin version 1.21 suffers from an open redirection vulnerability.

tags | exploit
MD5 | da5466fde5e66fc6931d48c988f6876d
Page 1 of 1
Back1Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close