exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-03-02

Red Hat Security Advisory 2016-0306-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0306-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
SHA-256 | 12d8bd2deb212825bc9f9f56e0fa1b109f58f9c894fcecb04e7ee03e38ed646e
Red Hat Security Advisory 2016-0305-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0305-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0800
SHA-256 | 0952f245c913f0d441f710c0e32f918dac6fc3b44edaff68a2b1b5357255344b
Red Hat Security Advisory 2016-0332-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0332-01 - An updated version of Red Hat Enterprise Linux Atomic Host is available as an OSTree.

tags | advisory
systems | linux, redhat
SHA-256 | 36f700bc832f8e4238050901ffc610838bb1ffbe03abe53f5e15777b2e3be6ac
Red Hat Security Advisory 2016-0304-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0304-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
SHA-256 | 947119e9fd5d8f11486ab1908732c47d26541cd1c088d1e31ab0fea8539714b4
Red Hat Security Advisory 2016-0303-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0303-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800
SHA-256 | 6c5b44e7561b441a8e824a9fa4d340b6a7a2b33511056e4ef067b57cd2fa096b
Red Hat Security Advisory 2016-0302-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0302-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0797, CVE-2016-0800
SHA-256 | 7f307653c8a35db568106e61a7b17d8070ee4b40d776118f84222053ea23e83c
Red Hat Security Advisory 2016-0301-01
Posted Mar 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0301-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0800
SHA-256 | 2355a22eadd6bc95f2b7051a23cb14934b794d9459acfd366d78f256e320c291
WordPress CP Polls 1.0.8 Cross Site Request Forgery / Cross Site Scripting
Posted Mar 2, 2016
Authored by Joaquin Ramirez Martinez

WordPress CP Polls plugin version 1.0.8 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 8357ac1b88e48568e0b75ab46fc3e37b7f7e2fde665a9af49dcfbd05f7f0ab9c
Debian Security Advisory 3501-1
Posted Mar 2, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3501-1 - Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl's taint security mechanism would be applied to the value in %ENV, but not to the other rest of the environment. This could result in an ambiguous environment causing environment variables to be propagated to subprocesses, despite the protections supposedly offered by taint checking.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2016-2381
SHA-256 | 0175db23b2e5d2977586b5d7e9b15cec7d810fb7dd51a574de92d242a41c5aa4
Ubuntu Security Notice USN-2914-1
Posted Mar 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2914-1 - Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs, a local attacker could possibly use this issue to recover RSA keys. This flaw is known as CacheBleed. Adam Langley discovered that OpenSSL incorrectly handled memory when parsing DSA private keys. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799
SHA-256 | b41695e06cd41d2e76d57c53c67028225e7af5f7b366b2f6f536e19119d0ae4b
Putty 0.66 DLL Hijacking
Posted Mar 2, 2016
Authored by Stefan Kanthak

Putty version 0.66 suffers from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 6ecc050cc5542e802afc59207ebcccd15ab0c528cfed7516506202381da1151d
Debian Security Advisory 3500-1
Posted Mar 2, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3500-1 - Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799
SHA-256 | 3f9c70f25ffb5429b54fefdf73340747e4caeeb652fd96453dd3848535c499db
WordPress CP Polls 1.0.8 File Upload / Cross Site Scripting
Posted Mar 2, 2016
Authored by Joaquin Ramirez Martinez

WordPress CP Polls plugin version 1.0.8 suffers from a persistent cross site scripting vulnerability via file upload.

tags | exploit, xss, file upload
SHA-256 | d0f470351ed56ed98b3366f515a352e352454d550d37a38d55acee54f832d7aa
Vivint Sky Control Panel Unauthenticated Access
Posted Mar 2, 2016
Authored by Jeremy Scott

Vivint Sky Control Panel suffers from an unauthenticated access vulnerability.

tags | advisory
advisories | CVE-2014-8362
SHA-256 | e1f9494a5c77b087852df015cc3efc94eb926402bd77c5224564a7302e61af4a
WordPress CP Polls 1.0.8 Malicious File Download
Posted Mar 2, 2016
Authored by Joaquin Ramirez Martinez

WordPress CP Polls plugin version 1.0.8 suffers from a cross site request forgery vulnerability that can be leveraged to turn a file download into a malicious .bat file.

tags | advisory, csrf
SHA-256 | d8a74ea935cf5527d08c2a6c2e256129ed3fa98c0b377e27197ba096ef05423f
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close