what you don't know can hurt you
Showing 1 - 25 of 29 RSS Feed

Files Date: 2016-05-17

HP Security Bulletin HPSBHF03594 1
Posted May 17, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03594 1 - Security vulnerabilities in OpenSSL have been addressed by HPE ConvergedSystem 500 & 900 and HPE AppSystems for SAP HANA. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS), unauthorized disclosure of information, and unauthorized modification. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-0705, CVE-2016-0799, CVE-2016-2842
SHA-256 | d33fe09cf5ca02681f9ac76ff30e6bbf0d623c549fe9a315a6a3243d9bd2c5e5
Red Hat Security Advisory 2016-1088-01
Posted May 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1088-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763
SHA-256 | 4794c3698f75c399fd8e56a93178cf1d6428ab89a65144f4783b6186670d6dd7
Red Hat Security Advisory 2016-1087-01
Posted May 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1087-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763
SHA-256 | b7bd3ec66ec724db03317de31401f5cfbf0df255890d170f9025765106bac939
Red Hat Security Advisory 2016-1089-01
Posted May 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1089-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.0.3 serves as a replacement for Red Hat JBoss Web Server 3.0.2, and includes bug fixes and enhancements, which are documented in the Release Notes documented linked to in the References.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2015-0209, CVE-2015-5312, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8035, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, CVE-2015-8710, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763
SHA-256 | 9406c3d8ed760c85a4d0cbf50bb6b97066f995e281ab809f70e60509429650aa
Cisco ASA Software IKEv1 / IKEv2 Buffer Overflow
Posted May 17, 2016
Authored by Exodus Intelligence

Cisco ASA software IKEv1 and IKEv2 remote buffer overflow exploit.

tags | exploit, remote, overflow
systems | cisco
advisories | CVE-2016-1287
SHA-256 | ff7023ee70394960ee524b25e81f0bf3bfee1b58abcce9f15123fc266a4510c2
Meteocontrol WEBLog Password Extractor
Posted May 17, 2016
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in Meteocontrol WEBLog (all models). This vulnerability allows extracting Administrator password for the device management portal.

tags | exploit, bypass
advisories | CVE-2016-2296
SHA-256 | b5a443a5fc418686d9d3ce0d8492afebd3f170b8a108d1cefb5fed42ef7ba2c7
Dell SonicWALL Scrutinizer 11.01 methodDetail SQL Injection
Posted May 17, 2016
Authored by sinn3r, Brandon Perry | Site metasploit.com

This Metasploit module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.

tags | exploit, remote, arbitrary, php, code execution, sql injection
systems | linux, windows
advisories | CVE-2014-4977
SHA-256 | 46eef5e2e82adcace1eb86cca34fa1691dfc435af8857a0821e91b120976f5fc
Ubuntu Security Notice USN-2982-1
Posted May 17, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2982-1 - Hanno Boeck discovered that Libksba incorrectly handled decoding certain BER data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Hanno Boeck discovered that Libksba incorrectly handled decoding certain BER data. An attacker could use this issue to cause Libksba to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-4353, CVE-2016-4354, CVE-2016-4355, CVE-2016-4356, CVE-2016-4574, CVE-2016-4579
SHA-256 | 8c5fb3044d7b186222e7fc370ecfadfaa98aab4ee9f136e2ac763fab90769e38
Debian Security Advisory 3581-1
Posted May 17, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3581-1 - Julien Bernard discovered that libndp, a library for the IPv6 Neighbor Discovery Protocol, does not properly perform input and origin checks during the reception of a NDP message. An attacker in a non-local network could use this flaw to advertise a node as a router, and cause a denial of service attack, or act as a man-in-the-middle.

tags | advisory, denial of service, local, protocol
systems | linux, debian
advisories | CVE-2016-3698
SHA-256 | affa5c2647200287ee20023cbd0d5822a09944b8e4e426c1e6c7ff0c0709d1b0
Red Hat Security Advisory 2016-1086-01
Posted May 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1086-01 - Libndp is a library that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages. Security Fix: It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client.

tags | advisory, local, protocol
systems | linux, redhat
advisories | CVE-2016-3698
SHA-256 | 8355924f316a3a290f7093136170ead8bd279f1e0739e79b02189dd1b7f3e2bd
Apple Security Advisory 2016-05-16-6
Posted May 17, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-05-16-6 - iTunes 12.4 is now available and addresses a code execution vulnerability.

tags | advisory, code execution
systems | apple
advisories | CVE-2016-1742
SHA-256 | 0bb484fb892661c9d0d136b77554d8e0cf261760a62acc90c71612cdb5f12636
Apple Security Advisory 2016-05-16-5
Posted May 17, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-05-16-5 - Safari 9.1.1 is now available and addresses history deletion, data disclosure, code execution, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2016-1849, CVE-2016-1854, CVE-2016-1855, CVE-2016-1856, CVE-2016-1857, CVE-2016-1858, CVE-2016-1859
SHA-256 | a9e53dda0873ad8a4ed17e1822b21b16c940203d4a931b8a0a7f88912870545b
Gentoo Linux Security Advisory 201605-02
Posted May 17, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201605-2 - Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 50.0.2661.102 are affected.

tags | advisory, remote, web, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-1646, CVE-2016-1647, CVE-2016-1648, CVE-2016-1649, CVE-2016-1650, CVE-2016-1651, CVE-2016-1652, CVE-2016-1653, CVE-2016-1654, CVE-2016-1655, CVE-2016-1656, CVE-2016-1657, CVE-2016-1658, CVE-2016-1659, CVE-2016-1660, CVE-2016-1661, CVE-2016-1662, CVE-2016-1663, CVE-2016-1664, CVE-2016-1665, CVE-2016-1666, CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1671
SHA-256 | 3d35e4f94f3e0d5fc1ec1b66fbcd0077314511b7d86948997867d9fcca1414b0
Ubuntu Security Notice USN-2981-1
Posted May 17, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2981-1 - It was discovered that libarchive incorrectly handled certain entry-size values in ZIP archives. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS, Ubuntu 15.10 and Ubuntu 16.04 LTS. It was discovered that libarchive incorrectly handled memory when processing certain tar files. A remote attacker could use this issue to cause libarchive to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1541
SHA-256 | cd28623f8a397ad606f6739d1d53e4c06507e985acd72d2147bc28e72c960e56
Apple Security Advisory 2016-05-16-4
Posted May 17, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-05-16-4 - OS X El Capitan 10.11.5 and Security Update 2016-003 is now available and addresses code execution, PHP flaws, information leakage, and various other vulnerabilities.

tags | advisory, php, vulnerability, code execution
systems | apple, osx
advisories | CVE-2015-8865, CVE-2016-1791, CVE-2016-1792, CVE-2016-1793, CVE-2016-1794, CVE-2016-1795, CVE-2016-1796, CVE-2016-1797, CVE-2016-1798, CVE-2016-1799, CVE-2016-1800, CVE-2016-1801, CVE-2016-1802, CVE-2016-1803, CVE-2016-1804, CVE-2016-1805, CVE-2016-1806, CVE-2016-1807, CVE-2016-1808, CVE-2016-1809, CVE-2016-1810, CVE-2016-1811, CVE-2016-1812, CVE-2016-1813, CVE-2016-1814, CVE-2016-1815, CVE-2016-1816, CVE-2016-1817
SHA-256 | 033664aa28ec2879dd3701fb337746a01283cd594653ca2f21434886e857c2b1
Ubuntu Security Notice USN-2980-1
Posted May 17, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2980-1 - Julien Bernard discovered that libndp incorrectly performed origin checks when receiving Neighbor Discovery Protocol (NDP) messages. A remote attacker outside of the local network could use this issue to advertise a node as a router, causing a denial of service, or possibly to act as a man in the middle.

tags | advisory, remote, denial of service, local, protocol
systems | linux, ubuntu
advisories | CVE-2016-3698
SHA-256 | fd80dfb5e75a446fbe7f7256ff55473acd17f98dda4e3e20e1cfdab2bede7e5d
Red Hat Security Advisory 2016-1083-01
Posted May 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1083-01 - Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments. Security Fix: An input sanitization flaw was found in the scoped search parameters sort_by and sort_order in the REST API. An authenticated user could use this flaw to perform an SQL injection attack on the Katello back end database.

tags | advisory, sql injection
systems | linux, redhat
advisories | CVE-2016-3072
SHA-256 | 16c634ffd6be21f4086f926a66feee82da9905f491a151635564f12cd7807517
Apple Security Advisory 2016-05-16-3
Posted May 17, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-05-16-3 - watchOS 2.2.1 is now available and addresses information leakage, code execution, and various other vulnerabilities.

tags | advisory, vulnerability, code execution
systems | apple
advisories | CVE-2016-1802, CVE-2016-1803, CVE-2016-1807, CVE-2016-1808, CVE-2016-1811, CVE-2016-1813, CVE-2016-1817, CVE-2016-1818, CVE-2016-1819, CVE-2016-1823, CVE-2016-1824, CVE-2016-1827, CVE-2016-1828, CVE-2016-1829, CVE-2016-1830, CVE-2016-1832, CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-1841, CVE-2016-1842, CVE-2016-1847
SHA-256 | 33b024e7cf4ccb3341bea4ad4c523f2b5f77ad44af02d7c3a4e377bffabb8637
Bugzilla 4.4.11 / 5.0.2 Summary Cross Site Scripting
Posted May 17, 2016
Authored by Wladimir Palant, Frederic Buclin, David Lawrence | Site bugzilla.org

Bugzilla versions 2.16rc1 to 4.4.11 and 4.5.1 to 5.0.2 suffer from a cross site scripting vulnerability.

tags | advisory, xss
advisories | CVE-2016-2803
SHA-256 | b5b557c9a96230c03f35334bcabd0cbadd09684f233600dafc8de9a79dd18b6b
Apple Security Advisory 2016-05-16-2
Posted May 17, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-05-16-2 - iOS 9.3.2 is now available and addresses buffer overflow, information leakage, and various other vulnerabilities.

tags | advisory, overflow, vulnerability
systems | cisco, apple, ios
advisories | CVE-2016-1790, CVE-2016-1801, CVE-2016-1802, CVE-2016-1803, CVE-2016-1807, CVE-2016-1808, CVE-2016-1811, CVE-2016-1813, CVE-2016-1814, CVE-2016-1817, CVE-2016-1818, CVE-2016-1819, CVE-2016-1823, CVE-2016-1824, CVE-2016-1827, CVE-2016-1828, CVE-2016-1829, CVE-2016-1830, CVE-2016-1831, CVE-2016-1832, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840
SHA-256 | fa5fb69a96d1763e7f9b8f05cfb08dc7841350132fdbde952f885dfdea6fc729
Apple Security Advisory 2016-05-16-1
Posted May 17, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-05-16-1 - tvOS 9.2.1 is now available and addresses information disclosure, code execution issues, and more.

tags | advisory, code execution, info disclosure
systems | apple
advisories | CVE-2016-1801, CVE-2016-1802, CVE-2016-1803, CVE-2016-1807, CVE-2016-1808, CVE-2016-1811, CVE-2016-1813, CVE-2016-1814, CVE-2016-1817, CVE-2016-1818, CVE-2016-1819, CVE-2016-1823, CVE-2016-1824, CVE-2016-1827, CVE-2016-1828, CVE-2016-1829, CVE-2016-1830, CVE-2016-1832, CVE-2016-1833, CVE-2016-1834, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-1841, CVE-2016-1847, CVE-2016-1854
SHA-256 | a7046a4cb19a989986f26465b54fe410792551ee40fb5815e022d3ff6cd5e750
WSO2 SOA Enablement Server Cross Site Scripting
Posted May 17, 2016
Authored by Jakub Pataczynski, Lukasz Juszczyk

WSO2 SOA Enablement server suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2016-4327
SHA-256 | 31d43f863469f43424bafc72bcd4ad822cc16db33e6a9b0bf7ffb2914a174118
7-Zip Code Execution
Posted May 17, 2016
Authored by Nick Boyce, Cisco Talis

7-Zip versions prior to 16.00 suffer from code execution and various other vulnerabilities.

tags | advisory, vulnerability, code execution
SHA-256 | 9f796f1af89d7aa0d638e43def7b8d0e70a285275a25793a5d06f71c464ca9c1
Microsoft Windows gdi32.dll Data Copy
Posted May 17, 2016
Authored by Google Security Research, mjurczyk

gdi32.dll in Microsoft Windows suffers from a denial of service issue due to an attacker controlling the Size argument in the gdi32!GdiComment() function.

tags | exploit, denial of service
systems | linux, windows
advisories | CVE-2016-0169
SHA-256 | db43b8cce7b5a88cf1f306d6bddb776823d2c0be5e51d507cafc7cb1aa4aa006
Microsoft Windows gdi32.dll Information Disclosure
Posted May 17, 2016
Authored by Google Security Research, mjurczyk

gdi32.dll in Microsoft Windows suffers from information disclosure issues via the EMF CREATECOLORSPACEW record handling.

tags | exploit, info disclosure
systems | linux, windows
advisories | CVE-2016-0168
SHA-256 | ad702dbd1e8d3499b0b0400f710dfb2273a51ad44f2be032b45acb14922319f3
Page 1 of 2
Back12Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close