exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-05-18

Falco 0.1.0
Posted May 18, 2016
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

tags | tool, intrusion detection
systems | unix
SHA-256 | 1d02200a3f579fdc3218e4bdd25df1afbb4db150dbde10e550b527761d98f4ca
Cisco Security Advisory 20160518-wsa4
Posted May 18, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco AsyncOS for the Cisco Web Security Appliance (WSA) when the software handles a specific HTTP response code could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an appliance because the appliance runs out of system memory. The vulnerability occurs because the software does not free client and server connection memory and system file descriptors when a certain HTTP response code is received in the HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to cause a DoS condition because the appliance runs out of system memory. When this happens, the device can no longer accept new incoming connection requests. Cisco has released software updates that address this vulnerability. A workaround that addresses this vulnerability is also available.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | b11575ce8d127f5df49b01eb0c86396ad5782f7a7e0f3bdae2fdeb9a80362008
Cisco Security Advisory 20160518-wsa3
Posted May 18, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in HTTP request parsing in Cisco AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the proxy process unexpectedly restarts. The vulnerability occurs because the affected software does not properly allocate space for the HTTP header and any expected HTTP payload. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to cause a DoS condition when the proxy process unexpectedly reloads, which can cause traffic to be dropped. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | 21c673b47e281e2e70421d9a8907f9602e0c7e17e628d35171c925eb9e710b26
Cisco Security Advisory 20160518-wsa2
Posted May 18, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the cached file-range request functionality of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an appliance due to the appliance running out of system memory. The vulnerability is due to a failure to free memory when a file range for cached content is requested through the WSA. An attacker could exploit this vulnerability by opening multiple connections that request file ranges through the affected device. A successful exploit could allow the attacker to cause the WSA to stop passing traffic when enough memory is used and not freed. Cisco has released software updates that address this vulnerability. A workaround that mitigates this vulnerability is also available.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | 5afe1eeec11fc63f9df8c27a0131f5ca50d9bbb92873adaf6907c82405559c97
Cisco Security Advisory 20160518-wsa1
Posted May 18, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability that occurs when parsing an HTTP POST request with Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) vulnerability due to the proxy process becoming unresponsive. The vulnerability is due to a lack of proper input validation of the packets that make up the HTTP POST request. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the affected device. An exploit could allow the attacker to cause a DoS condition due to the proxy process becoming unresponsive and the WSA reloading. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, web, denial of service
systems | cisco
SHA-256 | 3989f6fd6c41f3bf8e2da257cae824d30c420fefadc7c41c4e080ea8c438bbfa
HP Security Bulletin HPSBHF03579 1
Posted May 18, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03579 1 - HPE ConvergedSystem for SAP HANA has addressed security vulnerabilities in OpenSSL. The Cross-protocol Attack on TLS using SSLv2, also known as "DROWN", could be could be remotely exploited resulting in disclosure of privileged information, unauthorized access to data, and unauthorized access to sensitive information. Revision 1 of this advisory.

tags | advisory, vulnerability, protocol
advisories | CVE-2016-0800
SHA-256 | 839547502680a606065e72839f52dfc00f6e75d89e9b9b2ef70a67959bf073f8
HP Security Bulletin HPSBHF03578 1
Posted May 18, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03578 1 - HPE ConvergedSystem for SAP HANA Solutions has addressed stack-based buffer overflows in the GNU C library's (glibc) implementation of the getaddrinfo() library function. These vulnerabilities could be exploited remotely to cause a Denial of Service (DoS) or allow execution of arbitrary code on the host with the permissions of a user using the glibc library. Revision 1 of this advisory.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
advisories | CVE-2015-7547
SHA-256 | f467478965503248c96c094ed51e89e4ccb098e7d4023a82cd28359603541c37
HP Security Bulletin HPSBGN03602 1
Posted May 18, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03602 1 - A potential security vulnerability has been identified in HPE RESTful Interface Tool application on Linux and Windows. The vulnerability could be exploited locally resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
systems | linux, windows
advisories | CVE-2016-2023
SHA-256 | 1c6a6377136f788d5ead75de59c4a1251040191325e8f3d2b0f9c32620f0660f
Magento Unauthenticated Arbitrary File Write
Posted May 18, 2016
Authored by agix

Magento versions prior to 2.0.6 suffer from an unauthenticated arbitrary unserialize to arbitrary write file vulnerability.

tags | exploit, arbitrary
advisories | CVE-2016-4010
SHA-256 | aabdfe5b303d6f19ce1fc498c50679f141c6beebfcd6c15c192c8f28b94a86a8
4digits 1.1.4 Local Buffer Overflow
Posted May 18, 2016
Authored by N_A

4digits version 1.1.4 suffers from a local buffer overflow that allows for privilege escalation providing the binary is either setuid or setgid.

tags | exploit, overflow, local
SHA-256 | 818b7cc163a17f93ba734876b24e2a24d385192108de436e269ae066edffd90a
Ubuntu Security Notice USN-2950-4
Posted May 18, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2950-4 - USN-2950-1 fixed vulnerabilities in Samba. The backported fixes introduced in Ubuntu 12.04 LTS caused interoperability issues. This update fixes compatibility with certain NAS devices, and allows connecting to Samba 3.6 servers by relaxing the "client ipc signing" parameter to "auto". Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118
SHA-256 | f4fd0e1458d4dd5d78caeb773aa4e0931c482552cdafe454a555c5a3054c7479
Ubuntu Security Notice USN-2983-1
Posted May 18, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2983-1 - Gustavo Grieco discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-0718
SHA-256 | 4eeeb7ba793af60fa54b7a31bac089e6d2f970324f6e28dde272f727e5b36a32
Debian Security Advisory 3582-1
Posted May 18, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3582-1 - Gustavo Grieco discovered that Expat, an XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. A remote attacker can take advantage of this flaw to cause an application using the Expat library to crash, or potentially, to execute arbitrary code with the privileges of the user running the application.

tags | advisory, remote, overflow, arbitrary
systems | linux, debian
advisories | CVE-2016-0718
SHA-256 | 2d59b734305bab95e5db0032d8269c83f14993b9f5fd822d355bce54bd326412
FreeBSD Security Advisory - FreeBSD-SA-16:19.sendmsg
Posted May 18, 2016
Authored by CTurt and the HardenedBSD team | Site security.freebsd.org

FreeBSD Security Advisory - Incorrect argument handling in the socket code allows malicious local user to overwrite large portion of the kernel memory. Malicious local user may crash kernel or execute arbitrary code in the kernel, potentially gaining superuser privileges.

tags | advisory, arbitrary, kernel, local
systems | freebsd
advisories | CVE-2016-1887
SHA-256 | 645db3fe4369fd21421c9b74273cd54e8fa721a229dc9fde4d52770ffac13ad6
FreeBSD Security Advisory - FreeBSD-SA-16:18.atkbd
Posted May 18, 2016
Authored by CTurt and the HardenedBSD team | Site security.freebsd.org

FreeBSD Security Advisory - Incorrect signedness comparison in the ioctl(2) handler allows a malicious local user to overwrite a portion of the kernel memory. A local user may crash the kernel, read a portion of kernel memory and execute arbitrary code in kernel context. The result of executing an arbitrary kernel code is privilege escalation.

tags | advisory, arbitrary, kernel, local
systems | freebsd
advisories | CVE-2016-1886
SHA-256 | c7c48a6a99a2c6c01b08b27fe32854f8e9e9d8b0f9221e5d0765b78ae72824fc
HP Security Bulletin HPSBGN03587 1
Posted May 18, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03587 1 - 3rd party code template: A security vulnerability in Open vSwitch could potentially impact HPE Helion OpenStack resulting in a remote denial of Service (DoS) or arbitrary command execution. HPE Helion OpenStack has also addressed several OpenSSL vulnerabilities including: The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Multiple OpenSSL vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS) or other impacts. Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, protocol
advisories | CVE-2016-0703, CVE-2016-0705, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
SHA-256 | d4fceaa0ba4a7864b939e73b9efc7e9a3c3d9f771140a67054d955accf574196
Tns-Voyages Script 1.7.1 SQL Injection
Posted May 18, 2016
Authored by indoushka

Tns-Voyages Script version 1.7.1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 45bae1c6424f2044e6cc1f4b9970750ce5fd63fa497308b038f82330f0d107b7
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close