Exploit the possiblities
Showing 1 - 20 of 20 RSS Feed

Files Date: 2016-01-21

Ubuntu Security Notice USN-2879-1
Posted Jan 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2879-1 - It was discovered that rsync incorrectly handled invalid filenames. A malicious server could use this issue to write files outside of the intended destination directory.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-9512
MD5 | d6b31d92417c2db98d85ba815632d537
Ubuntu Security Notice USN-2878-1
Posted Jan 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2878-1 - David Golden discovered that the canonpath function in the Perl File::Spec module did not properly preserve the taint attribute. An attacker could possibly use this issue to bypass the taint protection mechanism.

tags | advisory, perl
systems | linux, ubuntu
advisories | CVE-2015-8607
MD5 | 2b434ec6295509ca278fb39405053259
Red Hat Security Advisory 2016-0062-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0062-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-0876, CVE-2012-1148, CVE-2013-5704, CVE-2015-3183
MD5 | 280a21b2eb780c1cb5314303a521c2c8
OpenDNSSEC 1.4.9
Posted Jan 21, 2016
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: The main motivations for this release are bug fixes related to use cases with large number of zones (more than 50 zones) in combination with an XFR based setup. Too much concurrent zone transfers causes new transfers to be held back. These excess transfers however were not properly scheduled for later. No migration steps needed when upgrading from OpenDNSSEC 1.4.8.
tags | tool
systems | unix
MD5 | 7d0c9e54d7ed36c6f6be9636997bea90
Avast Sandbox/Autosandbox Message Filtering Vulnerable To MS13-005
Posted Jan 21, 2016
Authored by Tavis Ormandy, Google Security Research

Avast Sandbox/Autosandbox message filtering suffers from a flaw that allows for privilege escalation.

tags | exploit
systems | linux
MD5 | d37ccf375df18f9d1bae25414c1f6d19
Red Hat Security Advisory 2016-0061-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0061-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2013-5704, CVE-2015-3183
MD5 | 6837bacdf2188ff9c995f06c32762043
xwpe 1.5.30a-2.1 Buffer Overflow
Posted Jan 21, 2016
Authored by Juan Sacco

xwpe versions 1.5.30a-2.1 and below are prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input.

tags | exploit, overflow
MD5 | d7336c4453dc3f7cd9e4ef855cb61093
WiX Toolset DLL Hijacking
Posted Jan 21, 2016
Authored by Stefan Kanthak

WiX Toolset installers suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
MD5 | ef40029dce21c24b54861e39e656e5ea
Quick CMS 6.1 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 21, 2016
Authored by Amir.ght

Quick CMS version 6.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 6bda31e7ba0c9bcaa2732ab90504dc9d
Red Hat Security Advisory 2016-0054-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0054-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2015-4871, CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
MD5 | 773bf9e441f86dc06de6594d998a4aa8
Red Hat Security Advisory 2016-0056-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0056-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
MD5 | 33bc0eab4652405903e8b99a1ba5e50b
Red Hat Security Advisory 2016-0053-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0053-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2015-4871, CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
MD5 | 9ca048c155e5f88d207304e54b07a061
Red Hat Security Advisory 2016-0055-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0055-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494
MD5 | 5ffbade2b9d9655ff8f9c8753b626b18
Red Hat Security Advisory 2016-0057-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0057-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
MD5 | 301a5980ca11ed74c368370e43947c37
Java Platform SE 6 U24 HtmlConverter.exe Buffer Overflow
Posted Jan 21, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Java Platform SE 6 U24 HtmlConverter.exe version 6.0.240.50 suffers from a buffer overflow vulnerability.

tags | exploit, java, overflow
MD5 | 25a07e2a2b1a874f104c80e6c51a36cc
GRR 3.0.0-RC1 Remote Code Execution / File Upload
Posted Jan 21, 2016
Authored by kmkz

GRR versions 3.0.0-RC1 and below suffer from a remote code execution vulnerability with privilege escalation through a file upload filter bypass.

tags | exploit, remote, code execution, file upload
MD5 | 13a8cc1e44c11c12e9c2addac78f9e52
Red Hat Security Advisory 2016-0049-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0049-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494
MD5 | 5ab1ac7523c68219724fb54e3040b6a6
Red Hat Security Advisory 2016-0050-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0050-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494
MD5 | aed145881f5429016fa2fa78a93ce107
QuickAuth Pebble Man-In-The-Middle
Posted Jan 21, 2016

QuickAuth Pebble loads TOTP keys in the clear over HTTP and is susceptible to man-in-the-middle attacks.

tags | advisory, web
MD5 | 080eb04a690de53be27572542968ba6e
OpenCart Failed Fix
Posted Jan 21, 2016
Authored by Scott Arciszewski

OpenCart failed to properly address a directory traversal vulnerability.

tags | advisory
MD5 | 0e26fe00119034f541cb45889b0c2744
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close