Exploit the possiblities
Showing 1 - 25 of 44 RSS Feed

Files Date: 2016-01-28

Red Hat Security Advisory 2016-0087-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0087-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1568, CVE-2016-1714
MD5 | 233a50dce35d01a977e0a02556f8b518
Red Hat Security Advisory 2016-0085-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0085-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1714
MD5 | 4fa0b330a02471e2ba73baa071526ca9
Debian Security Advisory 3459-1
Posted Jan 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3459-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.47.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616
MD5 | 9bcd1e0331009e6ccd525d2e62eed9b8
Red Hat Security Advisory 2016-0084-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0084-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1568, CVE-2016-1714
MD5 | 8eefa27ea933c9319807e5e9dc839f29
Red Hat Security Advisory 2016-0081-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0081-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1714
MD5 | 8b5231f9d5f01469ab02d0e86e3bd8d9
Red Hat Security Advisory 2016-0083-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0083-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1714
MD5 | b53b529a68817889348a42c611b20aa1
Red Hat Security Advisory 2016-0086-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0086-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1568, CVE-2016-1714
MD5 | daba82b331cf1c40d969d45229fec927
Red Hat Security Advisory 2016-0088-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0088-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A use-after-free flaw was found in the way QEMU's IDE AHCI emulator processed certain AHCI Native Command Queuing AIO commands. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1568, CVE-2016-1714
MD5 | cec916101d419a0c601e005320e0469a
Red Hat Security Advisory 2016-0082-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0082-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware Configuration device emulation processed certain firmware configurations. A privileged guest user could use this flaw to crash the QEMU process instance or, potentially, execute arbitrary code on the host with privileges of the QEMU process.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2016-1714
MD5 | 66f66ff09d0cfc73b78cff5b82928a83
Netgear GS105Ev2 Authentication Bypass / XSS / CSRF
Posted Jan 28, 2016
Authored by Benedikt Westermann

The Netgear GS105Ev2 gigabit switch suffers from authentication bypass, cross site request forgery, cross site scripting, and various other vulnerabilities.

tags | exploit, vulnerability, xss, bypass, csrf
advisories | CVE-2014-4864
MD5 | acc00afd8989058927155ac8346f03df
Debian Security Advisory 3458-1
Posted Jan 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3458-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosure, denial of service and insecure cryptography.

tags | advisory, java, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494
MD5 | e6aecc8f3195e1fd21bec4bdd130cc61
Debian Security Advisory 3457-1
Posted Jan 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3457-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.

tags | advisory, overflow, arbitrary, crypto
systems | linux, debian
advisories | CVE-2015-7575, CVE-2016-1930, CVE-2016-1935
MD5 | 4b063b5e0413f1e0f06bcc5d3f9f9918
Ubuntu Security Notice USN-2882-1
Posted Jan 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2882-1 - Isaac Boukris discovered that curl could incorrectly re-use NTLM proxy credentials when subsequently connecting to the same host.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2016-0755
MD5 | ed1dd1d742c79959c7c834167708bf80
Cisco Security Advisory 20160127-rv220
Posted Jan 28, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based management interface of Cisco RV220W Wireless Network Security Firewall devices could allow an unauthenticated, remote attacker to bypass authentication and gain administrative privileges on a targeted device. The vulnerability is due to insufficient input validation of HTTP request headers that are sent to the web-based management interface of an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the management interface of a targeted device. Depending on whether remote management is configured for the device, the management interface may use the SQL code in the HTTP request header to determine user privileges for the device. A successful exploit could allow the attacker to bypass authentication on the management interface and gain administrative privileges on the device. Cisco released a firmware update that addresses this vulnerability. There are workarounds that mitigate this vulnerability.

tags | advisory, remote, web
systems | cisco
MD5 | 9f92799dac0f994c145edc253ae0983e
Cisco Security Advisory 20160127-waascifs
Posted Jan 28, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Common Internet File System (CIFS) optimization feature of the Cisco Wide Area Application Service (WAAS) device could allow an unauthenticated, remote attacker to perform a resource consumption attack which, could result in a complete denial of service (DoS) condition. The vulnerability is due to insufficient flow handling of incoming CIFS traffic. An attacker could exploit this vulnerability by sending malicious traffic designed to trigger the vulnerability. An exploit could allow the attacker to cause a DoS condition by exhausting system buffering resources, resulting in a reload of the affected device.

tags | advisory, remote, denial of service
systems | cisco
MD5 | 673d826ed50187a6d8e3f8e52b762b23
Ubuntu Security Notice USN-2883-1
Posted Jan 28, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2883-1 - Antonio Sanso discovered that OpenSSL reused the same private DH exponent for the life of a server process when configured with a X9.42 style parameter file. This could allow a remote attacker to possibly discover the server's private DH exponent when being used with non-safe primes.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-0701
MD5 | 1714cfa29ecd88800a3dd33dbdd5c956
Red Hat Security Advisory 2016-0079-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0079-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A flaw was found in the way BIND handled requests for TKEY DNS resource records. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2015-5477, CVE-2015-5722, CVE-2015-8000
MD5 | ef0d7901d4c66b8d3cb693c33916cb38
Red Hat Security Advisory 2016-0078-01
Posted Jan 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0078-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2014-8500, CVE-2015-5477, CVE-2015-5722, CVE-2015-8000
MD5 | 65c451c3ffec74d06e5c4578d05d3522
Log2Space Central 6.2 Cross Site Scripting
Posted Jan 28, 2016
Authored by Rahul Pratap Singh

Log2Space Central version 6.2 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | bfeda8c119a04c5e89fd2b562875e89d
Suricata IDPE 3.0
Posted Jan 28, 2016
Site openinfosecfoundation.org

Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.

Changes: Improved detection options, including multi-tenancy and xbits. Performance and scalability much improved. Various other improvements.
tags | tool, intrusion detection
systems | unix
MD5 | a964af69263592c625b56f72d49e8d24
Ipswitch MOVEit DMZ 8.1 Information Disclosure
Posted Jan 28, 2016
Authored by Profundis Labs, Philipp Rocholl | Site profundis-labs.com

Ipswitch MOVEit DMZ versions 8.1 and below suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2015-7680
MD5 | 9c8b9103d83576d4396e98e3c50b2354
Ipswitch MOVEit Mobile 1.2.0.962 Cross Site Scripting
Posted Jan 28, 2016
Authored by Profundis Labs, Philipp Rocholl | Site profundis-labs.com

Ipswitch MOVEit Mobile versions 1.2.0.962 and below suffer from a reflective cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-7679
MD5 | 40c53a2f7fd6b9fc75fee87c6ae853af
Ipswitch MOVEit Mobile 1.2.0.962 Cross Site Request Forgery
Posted Jan 28, 2016
Authored by Profundis Labs, Philipp Rocholl | Site profundis-labs.com

Ipswitch MOVEit Mobile versions 1.2.0.962 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-7678
MD5 | 24fabcc118d46c189c03241eebbbddef
Ipswitch MOVEit DMZ 8.1 File ID Enumeration
Posted Jan 28, 2016
Authored by Profundis Labs, Philipp Rocholl | Site profundis-labs.com

Ipswitch MOVEit DMZ versions 8.1 and below suffer from a file id enumeration vulnerability.

tags | exploit
advisories | CVE-2015-7677
MD5 | a3f27f5a8331f7301b58607ffb57440f
Ipswitch MOVEit DMZ 8.1 Persistent Cross Site Scripting
Posted Jan 28, 2016
Authored by Profundis Labs, Philipp Rocholl | Site profundis-labs.com

Ipswitch MOVEit DMZ versions 8.1 and below suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2015-7676
MD5 | 7f8c834238cc25e75378265f025a7bcb
Page 1 of 2
Back12Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    4 Files
  • 19
    Nov 19th
    2 Files
  • 20
    Nov 20th
    9 Files
  • 21
    Nov 21st
    15 Files
  • 22
    Nov 22nd
    23 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close