what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 20 of 20 RSS Feed

Files Date: 2016-01-21

Ubuntu Security Notice USN-2879-1
Posted Jan 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2879-1 - It was discovered that rsync incorrectly handled invalid filenames. A malicious server could use this issue to write files outside of the intended destination directory.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2014-9512
SHA-256 | 58f94c305f507b90b4409a90ad30385ea19698a55a6c912f46ee10c91c859e92
Ubuntu Security Notice USN-2878-1
Posted Jan 21, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2878-1 - David Golden discovered that the canonpath function in the Perl File::Spec module did not properly preserve the taint attribute. An attacker could possibly use this issue to bypass the taint protection mechanism.

tags | advisory, perl
systems | linux, ubuntu
advisories | CVE-2015-8607
SHA-256 | 3db55d3bf074181b89629f8f752f3b60d2dc5f2b3f784857fbf7ab1ae0c7d086
Red Hat Security Advisory 2016-0062-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0062-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-0876, CVE-2012-1148, CVE-2013-5704, CVE-2015-3183
SHA-256 | 1636a44af0501528e041cd74d9e0faab81917561cfbed4a1bef6268292d7e47c
OpenDNSSEC 1.4.9
Posted Jan 21, 2016
Site opendnssec.org

OpenDNSSEC is software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Changes: The main motivations for this release are bug fixes related to use cases with large number of zones (more than 50 zones) in combination with an XFR based setup. Too much concurrent zone transfers causes new transfers to be held back. These excess transfers however were not properly scheduled for later. No migration steps needed when upgrading from OpenDNSSEC 1.4.8.
tags | tool
systems | unix
SHA-256 | 50a157d26d8b9ae370cd7fa52c7c6f43f4c77aeeb5d0fccd6a2e92c7dfc1d88e
Avast Sandbox/Autosandbox Message Filtering Vulnerable To MS13-005
Posted Jan 21, 2016
Authored by Tavis Ormandy, Google Security Research

Avast Sandbox/Autosandbox message filtering suffers from a flaw that allows for privilege escalation.

tags | exploit
systems | linux
SHA-256 | 11123d8f04f7157f84cdc92816ac901eeb5aa4e1ff0b49448154baf59b27196c
Red Hat Security Advisory 2016-0061-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0061-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2013-5704, CVE-2015-3183
SHA-256 | 24a856d50a46db75a2b42715c16401c84cab00721d784dc0aaf04982e3864f7b
xwpe 1.5.30a-2.1 Buffer Overflow
Posted Jan 21, 2016
Authored by Juan Sacco

xwpe versions 1.5.30a-2.1 and below are prone to a stack-based buffer overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied input.

tags | exploit, overflow
SHA-256 | a4919457bf2da63d581b5aae4f06c9ad9e2b5379274e85a42e35cbaacd600302
WiX Toolset DLL Hijacking
Posted Jan 21, 2016
Authored by Stefan Kanthak

WiX Toolset installers suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 392db3509927ad38eb89dd7758d1f34327b87217ca0ddcffb49a9984cd877f74
Quick CMS 6.1 Cross Site Request Forgery / Cross Site Scripting
Posted Jan 21, 2016
Authored by Amir.ght

Quick CMS version 6.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 8854dace4f9cbaee5314c4c8af2d0f77520ac18d7478291cd4888679dca4041b
Red Hat Security Advisory 2016-0054-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0054-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2015-4871, CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
SHA-256 | 9c563bb8b9e2eea5b08d1c62306cd76b8edf7b6fa4d698fa3811c45bf60324fc
Red Hat Security Advisory 2016-0056-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0056-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
SHA-256 | 63ba3e35e78846c54fbf5b6d993d7ce4b576d0f774abf220f2138ecdd96aca87
Red Hat Security Advisory 2016-0053-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0053-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2015-4871, CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
SHA-256 | 3be5dffa75f02e63bc29dc4d1fc7da3c3b30bef29c49a4a878d9cf9ba523b04e
Red Hat Security Advisory 2016-0055-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0055-01 - Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494
SHA-256 | b40448498e10595f080684d063b66d9b1e04c6fba568af426eba2d3e33aaefa4
Red Hat Security Advisory 2016-0057-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0057-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
SHA-256 | e11cf361ce84a75486b6566fd82f9240bd8c241d9863dfa68221e3b538e0039c
Java Platform SE 6 U24 HtmlConverter.exe Buffer Overflow
Posted Jan 21, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Java Platform SE 6 U24 HtmlConverter.exe version 6.0.240.50 suffers from a buffer overflow vulnerability.

tags | exploit, java, overflow
SHA-256 | c26dad11dc7a3b97b9cbe8edf6f976878186e3d92c3d957301ddda94e2f412c6
GRR 3.0.0-RC1 Remote Code Execution / File Upload
Posted Jan 21, 2016
Authored by kmkz

GRR versions 3.0.0-RC1 and below suffer from a remote code execution vulnerability with privilege escalation through a file upload filter bypass.

tags | exploit, remote, code execution, file upload
SHA-256 | 286b498185c854403d0e567a816f5429b38d05890d5fa5454fe997be0829251f
Red Hat Security Advisory 2016-0049-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0049-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494
SHA-256 | 47abffb2d9817bf8cc2b5dd087e26ebb38def15423c3b839b7d5d3801925f7c6
Red Hat Security Advisory 2016-0050-01
Posted Jan 21, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0050-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. An integer signedness issue was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions.

tags | advisory, java, arbitrary
systems | linux, redhat
advisories | CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494
SHA-256 | 923f7f1fb19af9c07fe713c659a98bb0ea548a82a1793d6a8a53efc9b007eb16
QuickAuth Pebble Man-In-The-Middle
Posted Jan 21, 2016

QuickAuth Pebble loads TOTP keys in the clear over HTTP and is susceptible to man-in-the-middle attacks.

tags | advisory, web
SHA-256 | 427e900319b144508503fda3ef825f8938285cdb168278c868e75d07bf751d30
OpenCart Failed Fix
Posted Jan 21, 2016
Authored by Scott Arciszewski

OpenCart failed to properly address a directory traversal vulnerability.

tags | advisory
SHA-256 | 70f25d17535ccb3b77e499f6d07f084657b709f051cdb9e0bdf5b5143c82a422
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    8 Files
  • 6
    Jul 6th
    8 Files
  • 7
    Jul 7th
    4 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close