what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-01-20

Cisco Security Advisory 20160120-d9036
Posted Jan 20, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco Modular Encoding Platform D9036 Software could allow an unauthenticated, remote attacker to log in to the system shell with the privileges of the root user. The vulnerability occurs because the root user has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH using this account. Successful exploitation could allow the attacker to access the system with the privileges of the root user. In addition to the root user, the guest user account also has a default and static password. The guest account is created at installation and cannot be changed or deleted without impacting the functionality of the system. However, this account has limited privileges on the system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, shell, root
systems | cisco
SHA-256 | fc9d0d2252846864b39f5c3b09475bac31aed871f4a9dc779685ed832a514880
Debian Security Advisory 3450-1
Posted Jan 20, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3450-1 - Jann Horn discovered that the setuid-root mount.ecryptfs_private helper in the ecryptfs-utils would mount over any target directory that the user owns, including a directory in procfs. A local attacker could use this flaw to escalate his privileges.

tags | advisory, local, root
systems | linux, debian
advisories | CVE-2016-1572
SHA-256 | b1042bf33f07950dfbf7089796776d7e9f4596cfcb8a3486e22bff540733ed34
OpenVAS Greenbone Security Assistant Cross Site Scripting
Posted Jan 20, 2016
Authored by Sebastian Neef

OpenVAS Greenbone Security Assistant versions 6.x below 6.0.8 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-1926
SHA-256 | c100aa9dd05c58bbac1bf66e9cf62baa4cb8e642151b8bd891cc2abd39279bab
Apple Security Advisory 2016-01-19-3
Posted Jan 20, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-01-19-3 - Safari 9.0.3 is now available and addresses privacy and multiple memory corruption vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727, CVE-2016-1728
SHA-256 | e462c2f203f87776c54462f2cf71e63da2af33926e762713c80e27c1e4796bbc
Apple Security Advisory 2016-01-19-2
Posted Jan 20, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-01-19-2 - OS X El Capitan 10.11.3 and Security Update 2016-001 are now available and address memory corruption, code execution, and privilege escalation vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple, osx
advisories | CVE-2015-7995, CVE-2016-1716, CVE-2016-1717, CVE-2016-1718, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722, CVE-2016-1729
SHA-256 | 100bff59d0f404f5edd70e97d638dbeff75a49bfaed850a3f6f6bf7da7f8c8fa
Apple Security Advisory 2016-01-19-1
Posted Jan 20, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-01-19-1 - iOS 9.2.1 is now available and addresses memory corruption and privacy issues.

tags | advisory
systems | cisco, apple, ios
advisories | CVE-2015-7995, CVE-2016-1717, CVE-2016-1719, CVE-2016-1720, CVE-2016-1721, CVE-2016-1722, CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727, CVE-2016-1728, CVE-2016-1730
SHA-256 | 66bd988cb715ab4f2c40371dc158bf2d8cb4a130aab3901a47e8362cb993c581
LiteSpeed Web Server 5.1.0 HTTP Header Injection
Posted Jan 20, 2016
Authored by Onur YILMAZ, Ziyahan Albeniz | Site netsparker.com

LiteSpeed Web Server version 5.1.0 suffers from an HTTP header injection vulnerability.

tags | exploit, web
SHA-256 | 76561d0d88d813f65aedad11a3ffc3863155118a995642ed7121320ace840801
Ubuntu Security Notice USN-2876-1
Posted Jan 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2876-1 - Jann Horn discovered that mount.ecryptfs_private would mount over certain directories in the proc filesystem. A local attacker could use this to escalate their privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2016-1572
SHA-256 | 8336d51aed302ea16f55200e926eb72d4d4c273b8a7f860f8cdca0f7ef0f3235
Debian Security Advisory 3449-1
Posted Jan 20, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3449-1 - It was discovered that specific APL RR data could trigger an INSIST failure in apl_42.c and cause the BIND DNS server to exit, leading to a denial-of-service.

tags | advisory
systems | linux, debian
advisories | CVE-2015-8704
SHA-256 | 9c5126f6a38834936685b484189802425c16dcb30a0def35a457930995235275
Cisco Security Advisory 20160120-ucsm
Posted Jan 20, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in a CGI script in the Cisco UCS Manager and the Cisco Firepower 9000 Series appliance could allow an unauthenticated, remote attacker to execute arbitrary commands on the Cisco Unified Computing System (UCS) Manager or the Cisco Firepower 9000 Series appliance. The vulnerability is due to unprotecting calling of shell commands in the CGI script. An attacker could exploit this vulnerability by sending a crafted HTTP request to the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. An exploit could allow the attacker to execute arbitrary commands on the Cisco UCS Manager or the Cisco Firepower 9000 Series appliance. Cisco has released software updates that address this vulnerability.

tags | advisory, remote, web, arbitrary, shell, cgi
systems | cisco
SHA-256 | 9c8fe5c6f50edaa9c3f0047fc7cc1967a178d3b69c2eb01ef7ae36795f502b11
HP Security Bulletin HPSBGN03534 1
Posted Jan 20, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03534 1 - A vulnerability in Microsoft Report Viewer was addressed by HPE Performance Center. This is a Cross-Site scripting (XSS) vulnerability that could allow remote information disclosure. Revision 1 of this advisory.

tags | advisory, remote, xss, info disclosure
advisories | CVE-2011-1976
SHA-256 | 04abf29429cd8d8be359decc853470a622f96ac378c0c6755bc6cdbc04dd6745
Linux Kernel REFCOUNT Overflow / Use-After-Free
Posted Jan 20, 2016
Authored by Perception Point Team

Linux kernel REFCOUNT overflow / use-after-free in keyrings exploit.

tags | exploit, overflow, kernel
systems | linux
advisories | CVE-2016-0728
SHA-256 | 6accf132dc4160f346048e277203e24deea0687a873e81ce785f196eeab60952
Ubuntu Security Notice USN-2874-1
Posted Jan 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2874-1 - It was discovered that Bind incorrectly handled certain APL data. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-8704
SHA-256 | 79c2264aa4bbf6599a9769e264c77651900d8554ab8ef78a9f3d91d35415cd61
OpenSCAP Libraries 1.2.8
Posted Jan 20, 2016
Site open-scap.org

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

Changes: Various updates and improvements.
tags | protocol, library
systems | unix
SHA-256 | 57512bda6726015a94a39b26e05df1753c4e266124109b976760ff14c5ade4b9
Ubuntu Security Notice USN-2875-1
Posted Jan 20, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2875-1 - It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2015-7499, CVE-2015-8710
SHA-256 | e44fbd2269ca21ca0f979180d2710977d6e765bc703e4175699f18ab18cfafc9
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close