exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2016-04-06

Webligo SocialEngine 4.8.9 SQL Injection
Posted Apr 6, 2016
Authored by High-Tech Bridge SA | Site htbridge.com

Webligo SocialEngine version 4.8.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 23d7b324c1f00d120d482272b68f715bc252d57f6a4a0e8541edcafd5c706d24
op5 7.1.9 Remote Command Execution
Posted Apr 6, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

op5 has a cross site request forgery entry point that can be used to execute arbitrary remote commands on op5 system sent via HTTP GET requests, allowing attackers to completely takeover the affected host. To be victimized a user must be authenticated and visit a malicious webpage or click an infected link. Version 7.1.9 is affected.

tags | exploit, remote, web, arbitrary, csrf
SHA-256 | a99ec5b8c98fbbd4d26e18a7ffeb77840fb048d7100904df54c1a9e24ecdd54f
CA API Gateway CRLF Injection
Posted Apr 6, 2016
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a Medium risk vulnerability with CA API Gateway (formerly known as Layer7 API Gateway). A vulnerability exists in CA API Gateway that may allow a remote unauthenticated attacker to conduct CRLF Injection attacks in limited network configurations. CA has fixes available. Versions affected include 7.1, 8.0, 8.1, 8.2, 8.3, and 8.4.

tags | advisory, remote
advisories | CVE-2016-3118
SHA-256 | d75ce9c00c2cc4cc2833e147503b98c91bbedd492653fd12e4463e86d064dac4
Asbru Web Content Management System 9.2.7 CSRF / XSS / Traversal
Posted Apr 6, 2016
Authored by LiquidWorm | Site zeroscience.mk

Asbru Web Content Management System version 9.2.7 suffers from cross site request forgery, cross site scripting, open redirection, and directory traversal vulnerabilities.

tags | exploit, web, vulnerability, xss, csrf
SHA-256 | a855a651720da4d549f9b5abc9c5497e9eafb205df8154d2cb842c4fccaf3b25
Red Hat Security Advisory 2016-0591-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0591-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-1978, CVE-2016-1979
SHA-256 | b4d37927706ed52b6f88aeba09a8fe9f5e48bb1850ac0233b2fc350696bfd23f
Debian Security Advisory 3541-1
Posted Apr 6, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3541-1 - High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2015-8770
SHA-256 | e23b46e4ad95b874f9e497641a751002dc3c31cf66a6ab1d5fcf9d9b56be8bf7
Gentoo Linux Security Advisory 201604-03
Posted Apr 6, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201604-3 - Multiple vulnerabilities have been found in Xen, the worst of which cause a Denial of Service. Versions less than 4.6.0-r9 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-3494, CVE-2012-3495, CVE-2012-3496, CVE-2012-3497, CVE-2012-3498, CVE-2012-3515, CVE-2012-4411, CVE-2012-4535, CVE-2012-4536, CVE-2012-4537, CVE-2012-4538, CVE-2012-4539, CVE-2012-6030, CVE-2012-6031, CVE-2012-6032, CVE-2012-6033, CVE-2012-6034, CVE-2012-6035, CVE-2012-6036, CVE-2015-2151, CVE-2015-3209, CVE-2015-3259, CVE-2015-3340, CVE-2015-3456, CVE-2015-4103, CVE-2015-4104, CVE-2015-4105, CVE-2015-4106
SHA-256 | a7e9bd9d6342dd146c7a64ee40be706e83549d090ba7149e7ac964a6280a8109
Red Hat Security Advisory 2016-0601-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0601-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND parsed signature records for DNAME records. By sending a specially crafted query, a remote attacker could use this flaw to cause named to crash.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-1285, CVE-2016-1286
SHA-256 | 932038321dd0b89f4e08ede9ca33a95b9d44f53d2a5e3bb5d5f2bf80334fd5d7
Slackware Security Advisory - subversion Updates
Posted Apr 6, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New subversion packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-5343
SHA-256 | d07b7f92a7fee24f280aee13f62ed578e757644b36f2aded17031c4d2ee6e33e
Ubuntu Security Notice USN-2947-1
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2947-1 - Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7833, CVE-2015-8812, CVE-2016-2085, CVE-2016-2383, CVE-2016-2550, CVE-2016-2847
SHA-256 | 1589a71a5392734b1ae81742ea08c3d1505de7730a5f381c44076a2fbb5cda36
Ubuntu Security Notice USN-2946-2
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2946-2 - Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847
SHA-256 | 0038e1460e63ff5cc6aaf80a71168ed50dafde78ce37b3363aa006a996681a76
Ubuntu Security Notice USN-2949-1
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2949-1 - Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847
SHA-256 | 0400bb0d8a6dc0fa5b0e9e74b415c869ca8984e6ffeaccdb1937b1486387cb3a
Ubuntu Security Notice USN-2948-1
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2948-1 - Ralf Spenneberg discovered that the USB driver for Clie devices in the Linux kernel did not properly sanity check the endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Various other issues were also addressed.

tags | advisory, denial of service, kernel
systems | linux, ubuntu
advisories | CVE-2015-7566, CVE-2015-7833, CVE-2015-8812, CVE-2016-0723, CVE-2016-2085, CVE-2016-2550, CVE-2016-2782, CVE-2016-2847
SHA-256 | f3cae25b14e5e6dc21f92189550892543b26dc0cb3d6486d3fef87657d9a3007
Ubuntu Security Notice USN-2947-3
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2947-3 - Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7833, CVE-2015-8812, CVE-2016-2085, CVE-2016-2383, CVE-2016-2550, CVE-2016-2847
SHA-256 | 8e332a027893fa2b8bfdfdd28766726d47bc3892017b1859881263fdd0532d37
Ubuntu Security Notice USN-2946-1
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2946-1 - Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux Extended Verification Module (EVM). An attacker could use this to affect system integrity. David Herrmann discovered that the Linux kernel incorrectly accounted file descriptors to the original opener for in-flight file descriptors sent over a unix domain socket. A local attacker could use this to cause a denial of service (resource exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, unix, ubuntu
advisories | CVE-2015-8812, CVE-2016-2085, CVE-2016-2550, CVE-2016-2847
SHA-256 | c6cb3ff3dd5bc15eed99776afa7a96f21344d3b8675e42dfbe88b47003dcedc5
Ubuntu Security Notice USN-2947-2
Posted Apr 6, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2947-2 - Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly sanity check the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). Venkatesh Pottem discovered a use-after-free vulnerability in the Linux kernel's CXGB3 driver. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-7833, CVE-2015-8812, CVE-2016-2085, CVE-2016-2383, CVE-2016-2550, CVE-2016-2847
SHA-256 | a1cd9bf0ef18c2c6d6e9125dc56451016c28dacccc9581b62fb421f6ee77a750
HP Security Bulletin HPSBGN03569 1
Posted Apr 6, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03569 1 - Potential security vulnerabilities have been identified in the server running HP OneView for VMware vCenter (OV4VC) version 7.8.1 or earlier. The vulnerabilities may lead to remote disclosure of information. Revision 1 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2014-3566, CVE-2016-0705, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
SHA-256 | ba96f809d6edd6493b69b5512fafd074d2553430432ef066408a44fa3cf3e38b
Red Hat Security Advisory 2016-0594-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0594-01 - Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the "Rendering" aspect of writing system implementation. The following packages have been upgraded to a newer upstream version: graphite2.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526
SHA-256 | 8245e814f0ff3ac5cb5d50adb975b1e87e9aa2734b464dc080a69a685a6503bf
Red Hat Security Advisory 2016-0599-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0599-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.6, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2014-0230, CVE-2016-2094
SHA-256 | 140782db309e3d0cc3202efce5773f9a61f7e69973fb793ec750d5ed96c88287
Red Hat Security Advisory 2016-0598-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0598-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the packages have been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 6.4.7.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2014-0230, CVE-2016-2094
SHA-256 | 111a67270d9143c214508566b1b9db46e1080ebb465b5a5788f63b438ed313dc
Red Hat Security Advisory 2016-0595-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0595-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.6, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2014-0230, CVE-2016-2094
SHA-256 | c0828c1c1f5306ea1cd4af9e6032c9249874f701dbe4bd8af9c0d7e8e3125c85
Red Hat Security Advisory 2016-0597-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0597-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.6, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2014-0230, CVE-2016-2094
SHA-256 | 1b6a6729380fbd810b6dd39e519d747cb6d3fd966ae08b5ed06c03494fe2b765
Red Hat Security Advisory 2016-0596-01
Posted Apr 6, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0596-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.6, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2014-0230, CVE-2016-2094
SHA-256 | f092125120269b1db2bd7ba601b60cfeb37921d28d5a686ef7e4886115652a7d
Debian Security Advisory 3543-1
Posted Apr 6, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3543-1 - Emmanuel Thome discovered that missing sanitising in the oarsh command of OAR, a software used to manage jobs and resources of HPC clusters, could result in privilege escalation.

tags | advisory
systems | linux, debian
advisories | CVE-2016-1235
SHA-256 | 3d4e747ce873655fa1b33966ae56aab54fece801f3af12f06bbeb07bea7f1367
Debian Security Advisory 3542-1
Posted Apr 6, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3542-1 - Several vulnerabilities have been discovered in Mercurial, a distributed version control system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-3068, CVE-2016-3069, CVE-2016-3630
SHA-256 | 8a55233ac0ff62df88d422523f37a42a009f2e368698ed0a39f5c316eb14eec0
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close