Exploit the possiblities
Showing 1 - 25 of 33 RSS Feed

Files Date: 2016-03-03

Liferay Portal 5.1.2 Cross Site Scripting
Posted Mar 3, 2016
Authored by Sarim Kiani

Liferay Portal version 5.1.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | ddffe98a77e608970ae47936e83ad638
GNU Transport Layer Security Library 3.4.10
Posted Mar 3, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the current stable release.

Changes: This is a bug fix release of the current stable branch. Eliminated issues preventing buffers more than 2^32 bytes to be used with hashing functions in libgnutls. Corrected leaks and other issues in gnutls_x509_crt_list_import() in libgnutls. Various other fixes.
tags | protocol, library
MD5 | fe9a0dc5adf205122f01a3e7dac5f8dd
360-FAAR Firewall Analysis Audit And Repair 0.5.7
Posted Mar 3, 2016
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: Various updates.
tags | tool, perl
systems | unix
MD5 | 53c3fed007d6fe8832181128c05510a5
IPSet Bash Completion 2.9.2
Posted Mar 3, 2016
Authored by AllKind | Site sourceforge.net

ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.

Changes: Various bug fixes and additions.
tags | tool, shell, firewall, bash
systems | linux, unix
MD5 | 43870aa7ec3d2d34c085dcde82c10e0b
Open-Xchange Guard 2.2.0 / 2.0 Private Key Disclosure
Posted Mar 3, 2016
Authored by Martin Heiland

Open-Xchange Guard versions 2.2.0 and 2.0 suffer from a PGP private key disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2015-8542
MD5 | f0c1c9f01b082805ec57a6b902c849e6
Panda SM Manager 2.0.10 Certificate Validation Fail
Posted Mar 3, 2016
Authored by David Coomber

Panda SM Manager versions 2.0.10 and below fail to verify the SSL certificate they receive when connecting to a secure site.

tags | advisory
MD5 | 99ed3f6629989317abc7b5beee211062
WordPress Bulk Delete 5.5.3 Privilege Escalation
Posted Mar 3, 2016
Authored by panVagenas

WordPress Bulk Delete plugin version 5.5.3 suffers from a privilege escalation vulnerability.

tags | exploit
MD5 | 9a3e6e3d3ad31acff3345496026c3da0
Slackware Security Advisory - mailx Updates
Posted Mar 3, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2004-2771, CVE-2014-7844
MD5 | 78ab6826383cdd190a10f3b03093307c
Slackware Security Advisory - openssl Updates
Posted Mar 3, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
MD5 | 93e3fc9f48b13299e8509cb8e0af664d
Slackware Security Advisory - php Updates
Posted Mar 3, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
MD5 | 8a25915b1bf2c4bfa7b68d442206c345
HP Security Bulletin HPSBHF03436 1
Posted Mar 3, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03436 1 - A potential security vulnerability has been identified with certain HP Thin Clients running ThinPro OS. The vulnerability could be exploited exploited locally resulting in elevated privileges. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-0728
MD5 | 13a68e5803d62e2f4d9c0fb56917a742
Red Hat Security Advisory 2016-0351-01
Posted Mar 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0351-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space. An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves, if the build configuration files were later launched by other privileged services, user privileges could be bypassed allowing attacker escalation.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-1905, CVE-2016-1906
MD5 | 68dd014e19576208851ca153e102998d
Ubuntu Security Notice USN-2919-1
Posted Mar 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2919-1 - Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Tyler Hicks discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to consume memory, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1577, CVE-2016-2116
MD5 | 21b1adf50e1df2c22bbb4d2af857d152
Ubuntu Security Notice USN-2918-1
Posted Mar 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2918-1 - Vincent LE GARREC discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, a remote attacker could cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9766
MD5 | a851a9b4ad686398086d254bc3278e1b
Cisco Security Advisory 20160302-openssl
Posted Mar 3, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities. DROWN is a cross-protocol attack that actively exploits weaknesses in SSL version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol. To execute a successful DROWN attack, the attacker must identify a server that supports both SSLv2 and TLS, and uses the same RSA key pair for both protocols. The attacker must also be able to collect TLS traffic for the server.

tags | advisory, vulnerability, protocol
systems | cisco
MD5 | e7d32cfbc7bcc2c789f6d2af74f1cbad
Clam AntiVirus Toolkit 0.99.1
Posted Mar 3, 2016
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Added CustomXML as trigger for likely OOXML. Added patch to add show-progress option in freshclam. Various other improvements and fixes.
tags | tool, virus
systems | unix
MD5 | cf1f3cbe62a08c9165801f79239166ff
AppLocker Execution Prevention Bypass
Posted Mar 3, 2016
Authored by OJ Reeves, Casey Smith | Site metasploit.com

This Metasploit module will generate a .NET service executable on the target and utilise InstallUtil to run the payload bypassing the AppLocker protection. Currently only the InstallUtil method is provided, but future methods can be added easily.

tags | exploit
MD5 | 7f55b4106a8b20e51087a5effc89a0c3
Revive Adserver 3.2.2 Session Fixation / XSS / CSRF
Posted Mar 3, 2016
Authored by Matteo Beccati

Revive Adserver versions 3.2.2 and below suffer from cross site request forgery, lack of brute force controls, session fixation, information exposure, and multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
MD5 | 9da88618bfb5a6be4a1f847e7236b34d
Cisco Security Advisory 20160302-wsa
Posted Mar 3, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web proxy framework of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker with the ability to negotiate a secure connection from within the trusted network to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS request packet through the affected device. A successful exploit could allow an attacker to create a DoS condition, causing all requests traversing the WSA to be dropped. The condition is temporary and no manual intervention is required to restore functionality. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, web, denial of service
systems | cisco
MD5 | ff0a4d31ff807639784953df1bbefd56
Cisco Security Advisory 20160302-n5ksnmp
Posted Mar 3, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Nexus 5500 Platform Switches, Cisco Nexus 5600 Platform Switches, and Cisco Nexus 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP Protocol Data Units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device, which could cause the SNMP application on the device to restart. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
MD5 | 2b0754b7c7fa29bbdccd793276cd65d8
Ubuntu Security Notice USN-2916-1
Posted Mar 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2916-1 - It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. An attacker could use this issue to cause Perl to consume memory and crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2013-7422, CVE-2014-4330, CVE-2016-2381
MD5 | b6c02ced38435c1dd8276aac1a9bac16
HP Security Bulletin HPSBGN03442 1
Posted Mar 3, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03442 1 - HPE Helion OpenStack has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-7547
MD5 | ab6dd9ec1a0f665141ff51c1b4a53f8a
Ubuntu Security Notice USN-2915-1
Posted Mar 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2915-1 - Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. Various other issues were also addressed.

tags | advisory, remote, xss
systems | linux, ubuntu
advisories | CVE-2016-2512, CVE-2016-2513
MD5 | 632c6b5897db95465ede05a05cc0b157
Red Hat Security Advisory 2016-0348-01
Posted Mar 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0348-01 - PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-0773
MD5 | 1fbc1d1d88951d6505ab0b43c92585da
Red Hat Security Advisory 2016-0347-01
Posted Mar 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0347-01 - PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-0773
MD5 | fbfa24ab41bb53046f1fd03ca7e6758c
Page 1 of 2
Back12Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close