exploit the possibilities
Showing 1 - 16 of 16 RSS Feed

Files Date: 2016-07-05

Red Hat Security Advisory 2016-1385-01
Posted Jul 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1385-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services. A flaw was found in the way handle_command() function would validate prefix value from user. An authenticated attacker could send a specially crafted prefix value resulting in ceph monitor crash. Upstream acknowledges Xiaoxi Chen as the original reporter of CVE-2016-5009.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5009
MD5 | 667599d1f254da01b58f7899e743024a
Red Hat Security Advisory 2016-1384-01
Posted Jul 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1384-01 - Red Hat Ceph Storage is a massively scalable, open, software-defined storage platform that combines the most stable version of Ceph with a Ceph management platform, deployment tools, and support services. A flaw was found in the way handle_command() function would validate prefix value from user. An authenticated attacker could send a specially crafted prefix value resulting in ceph monitor crash. Upstream acknowledges Xiaoxi Chen as the original reporter of CVE-2016-5009.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5009
MD5 | 14a73ec30f30d91b9e5c760d8716b6da
Ubuntu Security Notice USN-3025-1
Posted Jul 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3025-1 - It was discovered that GIMP incorrectly handled malformed XCF files. If a user were tricked into opening a specially crafted XCF file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-4994
MD5 | 07cf1121168f073cdc5475465d932b42
Ubuntu Security Notice USN-3026-2
Posted Jul 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3026-2 - It was discovered that libusbmuxd incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.

tags | advisory, remote
systems | cisco, linux, ubuntu
advisories | CVE-2016-5104
MD5 | e8aa927789db697e44dd334556705c59
HP Security Bulletin HPSBHF03613 1
Posted Jul 5, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03613 1 - Potential security vulnerabilities in OpenSSL have been addressed with HPE network products including iMC, VCX, Comware 5 and Comware 7. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS) or unauthorized access. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1793
MD5 | b6c855010e079d9ae7b24276064a44ad
Ubuntu Security Notice USN-3026-1
Posted Jul 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3026-1 - It was discovered that libimobiledevice incorrectly handled socket permissions. A remote attacker could use this issue to access services on iOS devices, contrary to expectations.

tags | advisory, remote
systems | cisco, linux, ubuntu
advisories | CVE-2016-5104
MD5 | c45f61b9180777ea4a4b30a127a474a6
Ubuntu Security Notice USN-3024-1
Posted Jul 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3024-1 - It was discovered that Tomcat incorrectly handled pathnames used by web applications in a getResource, getResourceAsStream, or getResourcePaths call. A remote attacker could use this issue to possibly list a parent directory . This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. It was discovered that the Tomcat mapper component incorrectly handled redirects. A remote attacker could use this issue to determine the existence of a directory. This issue only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 15.10. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
MD5 | 9a2d5617b12edbfe63e1b8e19afb2ae5
Red Hat Security Advisory 2016-1378-01
Posted Jul 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1378-01 - OpenStack Bare Metal is a tool used to provision bare metal machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality. Security Fix: An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-4985
MD5 | 5ea0cff3676322c64e00a2ddedeccd2b
Red Hat Security Advisory 2016-1377-01
Posted Jul 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1377-01 - OpenStack Bare Metal is a tool used to provision bare metal machines. It leverages common technologies such as PXE boot and IPMI to cover a wide range of hardware. It also supports pluggable drivers to allow added, vendor-specific functionality. Security Fix: An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew the MAC address of a network card belonging to a node, the flaw could be exploited by sending a crafted POST request to the node's /v1/drivers/$DRIVER_NAME/vendor_passthru resource. The response included the node's full details, including management passwords, even if the /etc/ironic/policy.json file was configured to hide passwords in API responses.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-4985
MD5 | b9de945f7a106d0e3b5f9c7d4edb7fb5
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jul 5, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues.

tags | advisory
systems | linux, slackware
MD5 | 57492e548a5e943a57e5239760892e14
Red Hat Security Advisory 2016-1380-01
Posted Jul 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1380-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix: The nodejs-qs module has the ability to create sparse arrays during parsing. By specifying a high index in a querystring parameter it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash.

tags | advisory, javascript
systems | linux, redhat
advisories | CVE-2014-7191
MD5 | b3fd89193c0dc8693f2e0bc388237b00
Debian Security Advisory 3616-1
Posted Jul 5, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3616-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2014-9904, CVE-2016-5728, CVE-2016-5828, CVE-2016-5829, CVE-2016-6130
MD5 | a20f928a5293d8f132685306e26ea725
WordPress CodeCanyon Real3D FlipBook 2.18.8 File Deletion / Upload / XSS
Posted Jul 5, 2016
Authored by Mukarram Khalid

WordPress CodeCanyon Real3D FlipBook plugin version 2.18.8 suffers from unauthenticated file deletion, file upload, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, file upload
MD5 | a6f0fad26239bf3152b28b3b1ba8e436
Acer Portal Android Application 3.9.3.2006 Man-In-The-Middle
Posted Jul 5, 2016
Authored by David Coomber

The Acer Portal Android application version 3.9.3.2006 and below, installed by the manufacturer on all Acer branded Android devices, does not validate the SSL certificate it receives when connecting to the mobile application login server.

tags | advisory
advisories | CVE-2016-5648
MD5 | 18577e2af30c987e1bffc397498a8603
Apple Safari 9.1.1 Local XXE Injection
Posted Jul 5, 2016
Authored by Filippo Cavallarin

Apple Safari version 9.1.1 for Mac OS X suffers from a local XXE vulnerability when processing specially crafted SVG images. This does not work with downloaded files.

tags | exploit, local, xxe
systems | apple, osx
MD5 | eca7235592ede1e4ce40d0d71bcb9cb9
Apache 2.4.20 X509 Authentication Bypass
Posted Jul 5, 2016
Authored by Erki Aring | Site httpd.apache.org

Apache HTTPD WebServer versions 2.4.18 through 2.4.20 do not validate an X509 client certificate correctly when the experimental module for the HTTP/2 protocol is used to access a resource.

tags | advisory, web, protocol
advisories | CVE-2016-4979
MD5 | b5c0ac0ce5351e0eb9891688f3492318
Page 1 of 1
Back1Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    12 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    16 Files
  • 22
    May 22nd
    3 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close