what you don't know can hurt you
Showing 1 - 16 of 16 RSS Feed

Files Date: 2016-06-02

EMC Isilon OneFS Privilege Escalation
Posted Jun 2, 2016
Site emc.com

EMC Isilon OneFS is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. Versions 7.1.0.x, 7.1.1.x, 7.2.0.x, and 7.2.1.x are affected.

tags | advisory
advisories | CVE-2016-0908
MD5 | 64416d6345e97e0bd96799c4e22fc02c
Samhain File Integrity Checker 4.1.4
Posted Jun 2, 2016
Authored by Rainer Wichmann | Site samhain.sourceforge.net

Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.

Changes: Various updates.
tags | tool, tcp, intrusion detection
systems | linux, unix, solaris, aix, hpux, unixware
MD5 | d14f54eb4b556510603c02ad3a35e458
HP Security Bulletin HPSBMU03612 1
Posted Jun 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03612 1 - Multiple potential security vulnerabilities have been identified with HPE Insight Control (IC) on Windows which could be exploited remotely resulting in Denial of Service (DoS), Unauthorized Access, Cross-site scripting (XSS), Execution of Arbitrary code, Disclosure of Sensitive Information,Remote Code Execution and locally resulting in Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution, xss, csrf
systems | windows
advisories | CVE-2007-6750, CVE-2011-4969, CVE-2014-3508, CVE-2014-3509, CVE-2014-3511, CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3569, CVE-2015-0205, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3194, CVE-2015-3195, CVE-2015-3237, CVE-2015-6565, CVE-2015-7501, CVE-2015-7547, CVE-2015-7995, CVE-2015-8035, CVE-2016-0705, CVE-2016-0728, CVE-2016-0799, CVE-2016-2015, CVE-2016-2017
MD5 | 0207d928f7226d4094ca1253ba2da50e
Nagios XI 5.2.7 Code Execution / SQL Injection / Privilege Escalation
Posted Jun 2, 2016
Authored by Francesco Oddo | Site security-assessment.com

Nagios XI versions 5.2.7 and below suffer from command execution, privilege escalation, server-side request forgery, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | 1ed41e403f4acb74859a8cdf66a9d049
Debian Security Advisory 3593-1
Posted Jun 2, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3593-1 - Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, or potentially the execution of arbitrary code with the privileges of the user running the application.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2015-8806, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-2073, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4449, CVE-2016-4483
MD5 | e5d948e3ee9dc2bca7781c7e17816d38
Red Hat Security Advisory 2016-1201-01
Posted Jun 2, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1201-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 51.0.2704.79. Security Fix: Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

tags | advisory, web, arbitrary
systems | linux, redhat
advisories | CVE-2016-1696, CVE-2016-1697, CVE-2016-1698, CVE-2016-1699, CVE-2016-1700, CVE-2016-1701, CVE-2016-1702, CVE-2016-1703
MD5 | e546cbf309cf7ecda0c0b02375199170
Ubuntu Security Notice USN-2991-1
Posted Jun 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2991-1 - It was discovered that nginx incorrectly handled saving client request bodies to temporary files. A remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2016-4450
MD5 | 242e04b1ad0a92a41ff5835865e899bd
Ubuntu Security Notice USN-2990-1
Posted Jun 2, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2990-1 - Nikolay Ermishkin and Stewie discovered that ImageMagick incorrectly sanitized untrusted input. A remote attacker could use these issues to execute arbitrary code. These issues are known as "ImageTragick". This update disables problematic coders via the /etc/ImageMagick-6/policy.xml configuration file. In certain environments the coders may need to be manually re-enabled after making sure that ImageMagick does not process untrusted input. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718, CVE-2016-5118
MD5 | 20c75259100cd19db0b390a4b4f94d9b
HP Security Bulletin HPSBMU03607 1
Posted Jun 2, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03607 1 - Multiple potential security vulnerabilities have been identified in HPE BladeSystem c-Class Virtual Connect (VC) firmware. These vulnerabilities include: The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information. The Cross-protocol Attack on TLS using SSLv2 also known as "DROWN", which could be exploited remotely resulting in disclosure of information. Additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in Denial of Service (DoS), disclosure of information, or Cross-site Request Forgery (CSRF). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, protocol, csrf
advisories | CVE-2008-5161, CVE-2014-3566, CVE-2015-0705, CVE-2015-1789, CVE-2015-1791, CVE-2015-3194, CVE-2015-5600, CVE-2016-0799, CVE-2016-0800, CVE-2016-2842
MD5 | 6c857b91c2ccec55f2970decf648feab
Liferay 6.2.3 CE GA4 OpenID XXE Injection
Posted Jun 2, 2016
Authored by Sandro Gauci

Liferay supports OpenID login which was found to make use of a version of openid4java that is vulnerable to XML External Entity (XXE) attacks. Liferay versions 6.2.3 CE GA4 and earlier are affected.

tags | exploit
MD5 | c64fbdf39059b7fa5e18bcecae0f2125
rConfig 3.1.1 Local File Inclusion
Posted Jun 2, 2016
Authored by Gregory Pickett | Site hellfiresecurity.com

rConfig versions 3.1.1 and below suffer from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | 762009f992d1d06c83f107f5378da06e
Babylon Translator Cross Site Scripting
Posted Jun 2, 2016
Authored by Francisco Javier Santiago Vazquez

Babylon Translator suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | feb81972ee8a9653f067a7798346badb
Zoho OpManager Cross Site Request Forgery / Cross Site Scripting
Posted Jun 2, 2016
Authored by d_fens

Zoho OpManager versions prior to 12 suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
MD5 | 6dc2978f5e3b33dd9583515da3f1ddee
Ubee EVW3226 Missing Authentication / File Upload / Buffer Overflow
Posted Jun 2, 2016
Authored by Manuel Hofer | Site sec-consult.com

Ubee EVW3226 advanced wireless voice gateway suffers from missing authentication, plaintext secret storage, faux encryption, and buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
MD5 | 91757e21c30c2b93a678ef3af47b525d
Ansvif 1.5.1
Posted Jun 2, 2016
Authored by Marshall Whittaker | Site oxagast.github.io

Ansvif is "A Not So Very Intelligent Fuzzer". It feeds garbage arguments and data into programs trying to induce a fault.

Changes: This release includes drafted manpages for ansvif and find_suid, plus binaries rebuilt on Debian Jessie for i386 and amd64. No changes to the Windows release were made.
tags | tool, fuzzer
systems | unix
MD5 | 9d8599991090441a912825ec5a91e7c0
Microsoft Windows Forced Firewall Bypass
Posted Jun 2, 2016
Authored by coolervoid

This is a local proof of concept that simulates a keystroke to allow access when a firewall dialog comes up.

tags | exploit, local, proof of concept
MD5 | d47cdc89cc210d8e606aef4485efe7d2
Page 1 of 1
Back1Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    8 Files
  • 21
    Sep 21st
    1 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close