what you don't know can hurt you
Showing 1 - 25 of 33 RSS Feed

Files Date: 2016-03-03

Liferay Portal 5.1.2 Cross Site Scripting
Posted Mar 3, 2016
Authored by Sarim Kiani

Liferay Portal version 5.1.2 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | c0caf6708ab4d86acc035452baff04d5bae5ac652353b3ce2b751e35eab1c7a3
GNU Transport Layer Security Library 3.4.10
Posted Mar 3, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability. This is the current stable release.

Changes: This is a bug fix release of the current stable branch. Eliminated issues preventing buffers more than 2^32 bytes to be used with hashing functions in libgnutls. Corrected leaks and other issues in gnutls_x509_crt_list_import() in libgnutls. Various other fixes.
tags | protocol, library
SHA-256 | 6a32c2b4acbd33ff7eefcbd1357009da04c94c60146ef61320b6c076b1bdf59f
360-FAAR Firewall Analysis Audit And Repair 0.5.7
Posted Mar 3, 2016
Authored by Dan Martin | Site sourceforge.net

360-FAAR Firewall Analysis Audit and Repair is an offline command line perl policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in checkpoint dbedit or screenos commands.

Changes: Various updates.
tags | tool, perl
systems | unix
SHA-256 | 4210ef09e1a1c4fe7bb855e6b9ca5560ffad95db48f9aba053850b587b19a4b5
IPSet Bash Completion 2.9.2
Posted Mar 3, 2016
Authored by AllKind | Site sourceforge.net

ipset-bash-completion is programmable completion code for the bash shell, to support the ipset program (netfilter.org). It allows you to interactively retrieve and complete options, commands, set names, types, and members.

Changes: Various bug fixes and additions.
tags | tool, shell, firewall, bash
systems | linux, unix
SHA-256 | 80c61eec561eeb58e79da30726b8821cf84e16abdcdb0d44d505ee52ab188c35
Open-Xchange Guard 2.2.0 / 2.0 Private Key Disclosure
Posted Mar 3, 2016
Authored by Martin Heiland

Open-Xchange Guard versions 2.2.0 and 2.0 suffer from a PGP private key disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2015-8542
SHA-256 | 26dcd04d04fbbbfbc871d177446f464caec77c184534a45f0c096d98ce63bc0f
Panda SM Manager 2.0.10 Certificate Validation Fail
Posted Mar 3, 2016
Authored by David Coomber

Panda SM Manager versions 2.0.10 and below fail to verify the SSL certificate they receive when connecting to a secure site.

tags | advisory
SHA-256 | dfe5300d2107330ced841e180c483ee653bc38ee91c0e0d2ee0ee149d923f6e8
WordPress Bulk Delete 5.5.3 Privilege Escalation
Posted Mar 3, 2016
Authored by Panagiotis Vagenas

WordPress Bulk Delete plugin version 5.5.3 suffers from a privilege escalation vulnerability.

tags | exploit
SHA-256 | a80a1b72aaf71032553e1a19b363ecce0bfb70d4a75fa313763ef90eef8cfe8c
Slackware Security Advisory - mailx Updates
Posted Mar 3, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mailx packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2004-2771, CVE-2014-7844
SHA-256 | 7c91a7b7cd14403f1eb73d918150d4cfab9191c3695907b12ea5513ad4214e16
Slackware Security Advisory - openssl Updates
Posted Mar 3, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800
SHA-256 | 264c7d3a0be7e52080a43814d32ce36c6ea5a6fb431cee874379e6cfa549c6e4
Slackware Security Advisory - php Updates
Posted Mar 3, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
SHA-256 | ce6e7d20160abe122eb24b93da4eec8336a898d9478c091d48270c0d94c4bda8
HP Security Bulletin HPSBHF03436 1
Posted Mar 3, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03436 1 - A potential security vulnerability has been identified with certain HP Thin Clients running ThinPro OS. The vulnerability could be exploited exploited locally resulting in elevated privileges. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-0728
SHA-256 | 5695aa787fe5e82c2be6c82f544299746f5ce21e3320dcdf97f877efbdd9c76f
Red Hat Security Advisory 2016-0351-01
Posted Mar 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0351-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to gain additional access to resources such as RAM and disk space. An authorization flaw was discovered in Kubernetes; the API server did not properly check user permissions when handling certain build configuration strategies. A remote attacker could create build configurations with strategies that violate policy. Although the attacker could not launch the build themselves, if the build configuration files were later launched by other privileged services, user privileges could be bypassed allowing attacker escalation.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-1905, CVE-2016-1906
SHA-256 | 1d67ffb8cca2400542795a8de2e8474a214f90c5266ccb32dda15bda72c62531
Ubuntu Security Notice USN-2919-1
Posted Mar 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2919-1 - Jacob Baines discovered that JasPer incorrectly handled ICC color profiles in JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges. Tyler Hicks discovered that JasPer incorrectly handled memory when processing JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to consume memory, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1577, CVE-2016-2116
SHA-256 | 4b2016c3d459906f5ca1fdfbdddca0aafc51d672827b6de0e5dfaceda561a24c
Ubuntu Security Notice USN-2918-1
Posted Mar 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2918-1 - Vincent LE GARREC discovered an integer underflow in pixman. If a user were tricked into opening a specially crafted file, a remote attacker could cause pixman to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-9766
SHA-256 | 68c6f8e26cef2ef6e8a29018680a4b07d9286bcb9e31dbf717c0e72f3c91e906
Cisco Security Advisory 20160302-openssl
Posted Mar 3, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On March 1, 2016, the OpenSSL Software Foundation released a security advisory detailing seven vulnerabilities and a new attack, referred to as the Decrypting RSA with Obsolete and Weakened eNcryption (DROWN) attack. A total of eight Common Vulnerabilities and Exposures (CVEs) were assigned. Of the eight CVEs, three relate to the DROWN attack. The remaining CVEs track low severity vulnerabilities. DROWN is a cross-protocol attack that actively exploits weaknesses in SSL version 2 (SSLv2) to decrypt passively collected Transport Layer Security (TLS) sessions. DROWN does not exploit a vulnerability in the TLS protocol or any specific implementation of the protocol. To execute a successful DROWN attack, the attacker must identify a server that supports both SSLv2 and TLS, and uses the same RSA key pair for both protocols. The attacker must also be able to collect TLS traffic for the server.

tags | advisory, vulnerability, protocol
systems | cisco
SHA-256 | 3e48e7bc17ea549f2a95b4ce4a89eeb478de92a8d4e421cab91f33d1486ad152
Clam AntiVirus Toolkit 0.99.1
Posted Mar 3, 2016
Authored by Tomasz Kojm | Site clamav.net

Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.

Changes: Added CustomXML as trigger for likely OOXML. Added patch to add show-progress option in freshclam. Various other improvements and fixes.
tags | tool, virus
systems | unix
SHA-256 | e144689122d3f91293808c82cbb06b7d3ac9eca7ae29564c5d148ffe7b25d58a
AppLocker Execution Prevention Bypass
Posted Mar 3, 2016
Authored by OJ Reeves, Casey Smith | Site metasploit.com

This Metasploit module will generate a .NET service executable on the target and utilise InstallUtil to run the payload bypassing the AppLocker protection. Currently only the InstallUtil method is provided, but future methods can be added easily.

tags | exploit
SHA-256 | 9e35d2c51bee68e833236242c3adb8dc69a463ea689029ae6f66814719a27cca
Revive Adserver 3.2.2 Session Fixation / XSS / CSRF
Posted Mar 3, 2016
Authored by Matteo Beccati

Revive Adserver versions 3.2.2 and below suffer from cross site request forgery, lack of brute force controls, session fixation, information exposure, and multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
SHA-256 | 9eca0a9a06ce2eb6e30eada22b5590b69c13dcb9f77ce7e219cf71f70634c6b0
Cisco Security Advisory 20160302-wsa
Posted Mar 3, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web proxy framework of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker with the ability to negotiate a secure connection from within the trusted network to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of HTTPS packets. An attacker could exploit this vulnerability by sending a malformed HTTPS request packet through the affected device. A successful exploit could allow an attacker to create a DoS condition, causing all requests traversing the WSA to be dropped. The condition is temporary and no manual intervention is required to restore functionality. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | b61056cc436d6411ccd61d17f85de34dbd24fd081a1c562f8aa2cea0e14b9b1b
Cisco Security Advisory 20160302-n5ksnmp
Posted Mar 3, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Nexus 5500 Platform Switches, Cisco Nexus 5600 Platform Switches, and Cisco Nexus 6000 Series Switches running Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP Protocol Data Units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device, which could cause the SNMP application on the device to restart. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 77582e655bc50f57e6ef7197b3eb3677a546c71939418ec63c17d78294f383de
Ubuntu Security Notice USN-2916-1
Posted Mar 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2916-1 - It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. An attacker could use this issue to cause Perl to consume memory and crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, perl
systems | linux, ubuntu
advisories | CVE-2013-7422, CVE-2014-4330, CVE-2016-2381
SHA-256 | 11e056de6dfb046779b736f70aa61c3166ddef3f52a845f803b60553b0168d67
HP Security Bulletin HPSBGN03442 1
Posted Mar 3, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03442 1 - HPE Helion OpenStack has addressed stack based buffer overflows in glibc's implementation of getaddrinfo(). These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user running glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-7547
SHA-256 | 6539fd974a37cf918334232d4666c73e3f1b4b61616cb996dd44f390809b7782
Ubuntu Security Notice USN-2915-1
Posted Mar 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2915-1 - Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could possibly use this issue to perform a cross-site scripting attack or a malicious redirect. Sjoerd Job Postmus discovered that Django incorrectly handled timing when doing password hashing operations. A remote attacker could possibly use this issue to perform user enumeration. Various other issues were also addressed.

tags | advisory, remote, xss
systems | linux, ubuntu
advisories | CVE-2016-2512, CVE-2016-2513
SHA-256 | 9edf73e6f93d410e66ecf3a4b58f182c76001d3ec8b72e7c0f9ac14c8d07a7a7
Red Hat Security Advisory 2016-0348-01
Posted Mar 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0348-01 - PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-0773
SHA-256 | 54654828e27ff112fe8bf75dfb4a2a222c28127eca0012b00a1aba8594850ad5
Red Hat Security Advisory 2016-0347-01
Posted Mar 3, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0347-01 - PostgreSQL is an advanced object-relational database management system. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the PostgreSQL handling code for regular expressions. A remote attacker could use a specially crafted regular expression to cause PostgreSQL to crash or possibly execute arbitrary code.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2016-0773
SHA-256 | 5715b322726e4be89ba18235890bf93c72fc9a2f6846eaddacea468241dca48a
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close