Exploit the possiblities
Showing 1 - 14 of 14 RSS Feed

Files Date: 2016-05-05

Ubuntu Security Notice USN-2961-1
Posted May 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2961-1 - It was discovered that a double free() could occur when the intent handling code in the Little CMS library detected an error. An attacker could use this to specially craft a file that caused an application using the Little CMS library to crash or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-7455
MD5 | 4455c62d94235a1ead88a2d343b90fcf
Ubuntu Security Notice USN-2950-3
Posted May 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2950-3 - USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS. This advisory was inadvertently published as USN-2950-2 originally. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118
MD5 | 2b5b3bf6d45f78f9460d354326a1a7a8
Cisco Security Advisory 20160504-fpkern
Posted May 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the kernel logging configuration for Firepower System Software for the Adaptive Security Appliance (ASA) 5585-X FirePOWER Security Services Processor (SSP) module could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources. The vulnerability is due to the logging of certain IP packets. An attacker could exploit this vulnerability by sending a flood of specially crafted IP packets to the affected device. An exploit could allow the attacker to cause the Cisco FirePOWER module to cease inspecting traffic or go offline. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, kernel
systems | cisco
MD5 | a138cf9ab08cf5b06ae27a09b5e62304
Cisco Security Advisory 20160504-tpxml
Posted May 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the XML application programming interface (API) of Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to bypass authentication and access a targeted system through the API. The vulnerability is due to improper implementation of authentication mechanisms for the XML API of the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the XML API. A successful exploit could allow the attacker to perform unauthorized configuration changes or issue control commands to the affected system by using the API. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

tags | advisory, remote, web
systems | cisco
MD5 | 07bafdfd0cd99113109c1b58bc710a9b
Cisco Security Advisory 20160504-firepower
Posted May 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the packet processing functions of Cisco FirePOWER System Software could allow an unauthenticated, remote attacker to cause an affected system to stop inspecting and processing packets, resulting in a denial of service (DoS) condition. The vulnerability is due to improper packet handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco
MD5 | 73961b9232b857e7daf8af2006116b47
Ubuntu Security Notice USN-2950-2
Posted May 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2950-2 - USN-2950-1 fixed vulnerabilities in Samba. The fixes introduced in Samba 4.3.8 caused certain regressions and interoperability issues. This update resolves some of these issues by updating to Samba 4.3.9 in Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. Backported regression fixes were added to Samba 3.6.25 in Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118
MD5 | 2177d04c09c14d945df9c438bb1b467d
Debian Security Advisory 3569-1
Posted May 5, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3569-1 - Two vulnerabilities were discovered in openafs, an implementation of the distributed filesystem AFS.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-8312, CVE-2016-2860
MD5 | 9772fa5362c5c4d3a0fe5c685662e60e
Debian Security Advisory 3568-1
Posted May 5, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3568-1 - Pascal Cuoq and Miod Vallat discovered that Libtasn1, a library to manage ASN.1 structures, does not correctly handle certain malformed DER certificates. A remote attacker can take advantage of this flaw to cause an application using the Libtasn1 library to hang, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2016-4008
MD5 | 6d9c48ac10aa1885c8c79f14fe73a40f
FreeBSD Security Advisory - FreeBSD-SA-16:17.openssl
Posted May 5, 2016
Authored by OpenSSL Project | Site security.freebsd.org

FreeBSD Security Advisory - The padding check in AES-NI CBC MAC was rewritten to be in constant time by making sure that always the same bytes are read and compared against either the MAC or padding bytes. But it no longer checked that there was enough data to have both the MAC and padding bytes. [CVE-2016-2107] An overflow can occur in the EVP_EncodeUpdate() function which is used for Base64 encoding of binary data. [CVE-2016-2105] An overflow can occur in the EVP_EncryptUpdate() function, however it is believed that there can be no overflows in internal code due to this problem. [CVE-2016-2106] When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio() a short invalid encoding can casuse allocation of large amounts of memory potentially consuming excessive resources or exhausting memory. [CVE-2016-2109] ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. [CVE-2016-2176] FreeBSD does not run on any EBCDIC systems and therefore is not affected. A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI. [CVE-2016-2107] If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. [CVE-2016-2105] Any application parsing untrusted data through d2i BIO functions are vulnerable to memory exhaustion attack. [CVE-2016-2109] TLS applications are not affected.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109
MD5 | 0cd350926d2b0a4e5eb3cc47ba9a5d7d
Cisco Security Advisory 20160504-openssl
Posted May 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Out of the six vulnerabilities disclosed, four of them may cause a memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities. This advisory will be updated as additional information becomes available.

tags | advisory, vulnerability
systems | cisco
MD5 | 70d25481dd9bddee1b91158603bf479d
Debian Security Advisory 3567-1
Posted May 5, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3567-1 - It was discovered that libpam-sshauth, a PAM module to authenticate using an SSH server, does not correctly handle system users. In certain configurations an attacker can take advantage of this flaw to gain root privileges.

tags | advisory, root
systems | linux, debian
advisories | CVE-2016-4422
MD5 | 6d0b557f21f6c64badc1ab3ce8a818ea
Ubuntu Security Notice USN-2964-1
Posted May 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2964-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. A vulnerability was discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3427
MD5 | 4791053386ccaed581bb3d26772376a1
Ubuntu Security Notice USN-2963-1
Posted May 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2963-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. CVE-2016-0687, Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure. An attacker could exploit this to expose sensitive data over the network. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427
MD5 | 4a4513ac2539bc5d88a5ab57d923d8fe
ManageEngine Applications Manager Build 12700 Information Disclosure / SQL Injection
Posted May 5, 2016
Authored by Saif El-Sherei

ManageEngine Applications Manager build 12700 suffers from information disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
MD5 | 9704164e06b7e0871e954db63ac42ff1
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    10 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close