what you don't know can hurt you
Showing 1 - 23 of 23 RSS Feed

Files Date: 2016-04-04

Easy File Sharing HTTP Server 7.2 SEH Overflow
Posted Apr 4, 2016
Authored by Starwarsfan2099 | Site metasploit.com

This Metasploit module exploits a SEH overflow in the Easy File Sharing FTP server version 7.2.

tags | exploit, overflow
MD5 | 8c94fac0515603e7572a80f3730841ba
PCMAN FTP Server 2.0.7 Buffer Overflow
Posted Apr 4, 2016
Authored by Jay Turla, Chris Higgins | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability found in the PUT command of the PCMAN FTP server version 2.0.7. This requires authentication but by default anonymous credentials are enabled.

tags | exploit, overflow
advisories | OSVDB-94624
MD5 | 143f2f70be5c584f22620615e047909a
Open-Xchange 7.8.0 Cross Site Scripting
Posted Apr 4, 2016
Authored by Satish Bommisetty, Tim Schughart

Open-Xchange versions 7.8.0 and below suffer from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2016-2840
MD5 | 7030b4d898fcfa524b4fd22336d1b697
ManageEngine Password Manager Pro 8.3 CSRF / XSS / Escalation / Bypass
Posted Apr 4, 2016
Authored by Sebastian Perez

ManageEngine Password Manager Pro builds 8.1 through 8.3 suffer from bypass, cross site request forgery, privilege escalation, user enumeration, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass, csrf
MD5 | 4f236dcbe2a00436d23f97301e47f914
Gentoo Linux Security Advisory 201604-01
Posted Apr 4, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201604-1 - Multiple vulnerabilities have been found in QEMU, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 2.5.0-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2015-8613, CVE-2015-8619, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981, CVE-2016-2197, CVE-2016-2198, CVE-2016-2392, CVE-2016-2538, CVE-2016-2858
MD5 | 537344e4201e1864d683d6d4fbce853a
Red Hat Security Advisory 2016-0532-01
Posted Apr 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0532-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Security Fix: A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion.

tags | advisory, denial of service, memory leak
systems | linux, redhat
advisories | CVE-2015-8629, CVE-2015-8630, CVE-2015-8631
MD5 | 0ae51d5c9c936555cf7c84c0e86f2c08
Red Hat Security Advisory 2016-0590-01
Posted Apr 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0590-01 - Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool. Security Fix: A cross-site scripting flaw was found in how XML data was handled in Red Hat Satellite. A user able to use the XMLRPC API could exploit this flaw to perform XSS attacks against other Satellite users. Multiple cross-site scripting flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users.

tags | advisory, remote, xss
systems | linux, redhat
advisories | CVE-2015-0284, CVE-2016-2103, CVE-2016-2104, CVE-2016-3079
MD5 | f99de59da607a5c2a44d5b0b9b7091f2
Debian Security Advisory 3540-1
Posted Apr 4, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3540-1 - Marcin Noga discovered an integer underflow in Lhasa, a lzh archive decompressor, which might result in the execution of arbitrary code if a malformed archive is processed.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2016-2347
MD5 | f432c2b32229911e0eee8fa6ba826e0a
Debian Security Advisory 3539-1
Posted Apr 4, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3539-1 - Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), does not properly handle RTP header CSRC count and extension header length. A remote attacker can exploit this vulnerability to crash an application linked against libsrtp, resulting in a denial of service.

tags | advisory, remote, denial of service, protocol
systems | cisco, linux, debian
advisories | CVE-2015-6360
MD5 | c3ea35d1223850ceb4fa0cd1c015c773
HP Security Bulletin HPSBGN03565 1
Posted Apr 4, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03565 1 - A vulnerability in the Linux kernel was addressed by HPE Virtualization Performance Viewer. The vulnerability could be exploited locally to allow Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, kernel
systems | linux
advisories | CVE-2015-7872
MD5 | dd28e432cf998026fdf95fdf51f4082b
Slackware Security Advisory - mercurial Updates
Posted Apr 4, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-3068, CVE-2016-3069, CVE-2016-3630
MD5 | 2c34453ad4a6e444ae106c00daddaf5f
Red Hat Security Advisory 2016-0534-01
Posted Apr 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0534-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded to a newer upstream version: MariaDB.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-2047
MD5 | 7ae2f9e58d8c1ed8b6e73de2b8b8bead
Slackware Security Advisory - php Updates
Posted Apr 4, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
MD5 | 87e64c2747f7e2face2f3aea93b174c8
HP Security Bulletin HPSBHF03431 3
Posted Apr 4, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03431 3 - Potential security vulnerabilities have been identified with HPE Network Switches. The vulnerabilities could be exploited locally to allow bypass of security restrictions, and indirect vulnerabilities. Note: Versions 15.16.xxxx and 15.17.xxxx were incorrectly identified as vulnerable, the only affected versions are KB.15.18.0006 & KB.15.18.0007. Revision 3 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2015-6859, CVE-2015-6860
MD5 | 0e60f22c13fb86fb8d8dc538ac447ae9
HP Security Bulletin HPSBUX03561 1
Posted Apr 4, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03561 1 - Potential security vulnerabilities has been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create Denial of Service (DoS), access restriction bypass, unauthorized read access to files, arbitrary code execution, and execution of arbitrary code with privilege elevation. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
systems | hpux
advisories | CVE-2014-0230, CVE-2014-7810, CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, CVE-2016-0714
MD5 | 96073f018ec9a63721c1b1d374fd4a1f
HP Security Bulletin HPSBGN03567 1
Posted Apr 4, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03567 1 - A security vulnerability in Apache Commons Collections (ACC) for handling Java object deserialization was addressed by HP Asset Manager. The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.

tags | advisory, java, remote, code execution
advisories | CVE-2016-2000
MD5 | e9cad210c8ddb72f991808b933547355
HP Security Bulletin HPSBGN3547 1
Posted Apr 4, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN3547 1 - Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot = dot) in the Filename field of an RRQ operation. Revision 1 of this advisory.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4722
MD5 | 9871dab90688a100c65dc1e68eed08a4
Gentoo Linux Security Advisory 201604-02
Posted Apr 4, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201604-2 - Insufficient constraints in Apache's Xalan-Java might allow remote attackers to execute arbitrary code and load arbitrary classes. Versions less than 2.7.2 are affected.

tags | advisory, java, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2014-0107
MD5 | 2c36daef78ff6192ac8fad982553c5c9
Red Hat Security Advisory 2016-0566-01
Posted Apr 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0566-01 - libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fix: A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2016-0739
MD5 | a7fc043e4eff39b58f3e8194d5171d0d
FortiManager / FortiAnalyzer 5.x Script Insertion
Posted Apr 4, 2016
Authored by Marco Onorati | Site vulnerability-lab.com

FortiManager and FortiAnalyzer version 5.x suffer from a client-side malicious script insertion vulnerability.

tags | exploit
MD5 | 9b556ca2c04915e21eb2da9a3de64226
Techsoft Web Solutions CMS 2016 Q2 SQL Injection
Posted Apr 4, 2016
Authored by ICG SEC | Site vulnerability-lab.com

Techsoft Web Solutions CMS version 2016 Q2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, web, sql injection
MD5 | 01b2309998e377166e84a5486bccf507
BugCrowd CSV Injection
Posted Apr 4, 2016
Authored by Hack Ex

BugCrowd's file upload allows for CSVs that may have malicious formulas in them.

tags | exploit, file upload
MD5 | 3b24f437b0b15d5a61aaf99bd723b3e0
MSIE MSHTML!CSVGHelpers::SetAttributeStringAndPointer Use-After-Free
Posted Apr 4, 2016
Authored by Martin Barbella, Google Security Research

Microsoft Internet Explorer suffers from a MSHTML!CSVGHelpers::SetAttributeStringAndPointer use-after-free vulnerability.

tags | exploit
systems | linux
advisories | CVE-2016-0111
MD5 | 465c6a54f42555d805751d063f46a9e8
Page 1 of 1
Back1Next

File Archive:

August 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    10 Files
  • 2
    Aug 2nd
    8 Files
  • 3
    Aug 3rd
    2 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    79 Files
  • 7
    Aug 7th
    16 Files
  • 8
    Aug 8th
    10 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    6 Files
  • 12
    Aug 12th
    26 Files
  • 13
    Aug 13th
    15 Files
  • 14
    Aug 14th
    19 Files
  • 15
    Aug 15th
    52 Files
  • 16
    Aug 16th
    11 Files
  • 17
    Aug 17th
    1 Files
  • 18
    Aug 18th
    1 Files
  • 19
    Aug 19th
    18 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close