Showing 1 - 5 of 5

Files Date: 2016-07-02

Ubuntu 16.04 Netfilter target_offset Out-Of-Bounds Local Root: Posted Jul 2, 2016; Authored by Vitaly Nikolenko; Ubuntu Linux 16.04 local root exploit that leverages a netfilter target_offset out-of-bounds vulnerability.; tags | exploit, local, root; systems | linux, ubuntu; SHA-256 | 688cfd5435b7e62582a5df7460ede157064887278deba6b8db8ec8bd923aa20b; Download | Favorite | View

Debian Security Advisory 3615-1: Posted Jul 2, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3615-1 - Multiple vulnerabilities were discovered in the dissectors/parsers for PKTC, IAX2, GSM CBCH and NCP, SPOOLS, IEEE 802.11, UMTS FP, USB, Toshiba, CoSine, NetScreen, WBXML which could result in denial of service or potentially the execution of arbitrary code.; tags | advisory, denial of service, arbitrary, vulnerability; systems | linux, debian; advisories | CVE-2016-5350, CVE-2016-5351, CVE-2016-5353, CVE-2016-5354, CVE-2016-5355, CVE-2016-5356, CVE-2016-5357, CVE-2016-5359; SHA-256 | d1c067496b4eef4dd1c1d0776f312a421876b196e12462a320ad7caa30202eea; Download | Favorite | View

Debian Security Advisory 3613-1: Posted Jul 2, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3613-1 - Vivian Zhang and Christoph Anton Mitterer discovered that setting an empty VNC password does not work as documented in Libvirt, a virtualisation abstraction library. When the password on a VNC server is set to the empty string, authentication on the VNC server will be disabled, allowing any user to connect, despite the documentation declaring that setting an empty password for the VNC server prevents all client connections. With this update the behaviour is enforced by setting the password expiration to "now".; tags | advisory; systems | linux, debian; advisories | CVE-2016-5008; SHA-256 | 40eb5793bb6cd89796053333ac3de675058f4fe68e4a83f76ae3ad3bb8c56d4e; Download | Favorite | View

Debian Security Advisory 3614-1: Posted Jul 2, 2016; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3614-1 - The TERASOLUNA Framework Development Team discovered a denial of service vulnerability in Apache Commons FileUpload, a package to make it easy to add robust, high-performance, file upload capability to servlets and web applications. A remote attacker can take advantage of this flaw by sending file upload requests that cause the HTTP server using the Apache Commons Fileupload library to become unresponsive, preventing the server from servicing other requests.; tags | advisory, remote, web, denial of service, file upload; systems | linux, debian; advisories | CVE-2016-3092; SHA-256 | 8dbdb645982cfd7d0be2c190d07143c9f61b91668bd2ea676e951e673b8b3ff3; Download | Favorite | View

Apache Qpid Untrusted Input Deserialization: Posted Jul 2, 2016; Authored by Matthias Kaiser; When applications call getObject() on a consumed JMS ObjectMessage they are subject to the behaviour of any object deserialization during the process of constructing the body to return. Unless the application has taken outside steps to limit the deserialization process, they can't protect against input that might try to make undesired use of classes available on the application classpath that might be vulnerable to exploitation. Apache Qpid AMQP 0-x JMS client versions 6.0.3 and earlier and Qpid JMS (AMQP 1.0) client versions 0.9.0 and earlier are affected.; tags | advisory; advisories | CVE-2016-4974; SHA-256 | a334cb653669fa548ee6ab3108c37becded85013ee84bdec62a00650922edf5e; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days