
Files Date: 2016-07-20

Gentoo Linux Security Advisory 201607-14
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-14 - A vulnerability in Ansible may allow local attackers to gain escalated privileges or write arbitrary files. Versions less than 1.9.6 are affected.

tags | advisory, arbitrary, local
systems | linux, gentoo
advisories | CVE-2016-3096
MD5 | 7890542afc4d5a602c7ffae495bcfd7f

Gentoo Linux Security Advisory 201607-13
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-13 - A buffer overflow in libbsd might allow remote attackers to execute arbitrary code. Versions less than 0.8.2 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2016-2090
MD5 | b4c76bd485f835037aad75cc817384a9

Gentoo Linux Security Advisory 201607-12
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-12 - A local attacker could execute arbitrary code by providing unsanitized data to a data source or escalate privileges. Versions less than 4.87 are affected.

tags | advisory, arbitrary, local
systems | linux, gentoo
advisories | CVE-2014-2972
MD5 | 32bd42dd8cf8166b8f15c59ffe685b5e

Gentoo Linux Security Advisory 201607-11
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-11 - Multiple vulnerabilities have been found in Bugzilla, the worst of which could lead to the escalation of privileges. Versions less than 5.0.3 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8630
MD5 | f083920dbe30e19af78873a4c77d3e00

Gentoo Linux Security Advisory 201607-10
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-10 - Improper input validation in Varnish allows remote attackers to conduct HTTP smuggling attacks, and possibly trigger a buffer overflow. Versions less than 3.0.7 are affected.

tags | advisory, remote, web, overflow
systems | linux, gentoo
advisories | CVE-2015-8852
MD5 | 1ad921f67c3490a3a27cabe31e91f6e4

Gentoo Linux Security Advisory 201607-09
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-9 - Apache Commons BeanUtils does not properly suppress the class property, which could lead to the remote execution of arbitrary code. Versions below 1.9.2 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2014-0114
MD5 | bbb4bb90d2d69cabe7c640caf3a230f7

Gentoo Linux Security Advisory 201607-08
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-8 - A vulnerability has been found in Dropbear, which allows remote authenticated users to bypass intended shell-command restrictions. Versions less than 2016.73 are affected.

tags | advisory, remote, shell
systems | linux, gentoo
advisories | CVE-2016-3116
MD5 | 541397748c4af60e26ad1d102d752ee5

Red Hat Security Advisory 2016-1439-01
Posted Jul 20, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1439-01 - Red Hat Single Sign-On 7.0 is a standalone server, based on the Keycloak project, that provides authentication and standards-based SSO capabilities for web and mobile applications. This asynchronous patch is a security update for the JGroups package in Red Hat Single Sign-On 7.0. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, web, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
MD5 | ce6c46b79adeb3f22439e26fa1e7f2a7

Debian Security Advisory 3623-1
Posted Jul 20, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3623-1 - Scott Geary of VendHQ discovered that the Apache HTTPD server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi
systems | linux, debian
advisories | CVE-2016-5387
MD5 | d0615c9ff4f86bce1493eaec4f9eb683

Oracle Patches 27 Vulnerabilities
Posted Jul 20, 2016
Authored by David Litchfield

A total of 27 vulnerabilities have been patched by Oracle. These affect eBusiness Suite R12.x and 11.5, Apex, Primavera, OBIEE, and Agile DB components. These issues include SQL injection, cross site scripting, XXE injection, SSRF, failed access controls, and more.

tags | exploit, vulnerability, xss, sql injection, xxe
advisories | CVE-2016-3448, CVE-2016-3467
MD5 | ee51786f3fcbeed16c2224dbb1d9ae36

Wowza Streaming Engine 4.5.0 Cross Site Scripting
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 4.5.0 build 18676 is affected.

tags | exploit, arbitrary, vulnerability, xss
MD5 | 169e90eaf6e2f33cc3f262fe82fbdf71

Wowza Streaming Engine 4.5.0 Cleartext Sensitive Information Storage
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine version 4.5.0 build 18676 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. When the file is modified, it is automatically applied to the application with the newly created user account. Wowza stores sensitive information such as the username and password in cleartext in the admin.password file, which is readable by local users.

tags | exploit, local
MD5 | 4b1acf67336bad2ba80dbdd003a28cea

Wowza Streaming Engine 4.5.0 Cross Site Request Forgery
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine version 4.5.0 build 18676 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 15fd1bda51887160628be1f14fadf31d

Wowza Streaming Engine 4.5.0 Remote Privilege Escalation
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

The Wowza Streaming Engine application suffers from a privilege escalation issue. A normal (read-only) user can elevate his/her privileges by sending a POST request that sets the parameter 'accessLevel' to 'admin', gaining admin rights, and/or sets the parameter 'advUser' to 'true' and '_advUser' to 'on', gaining advanced admin rights. Version 4.5.0 build 18676 is affected.

tags | exploit
MD5 | 7387ac571be10485ca7a269cad403bba

Wowza Streaming Engine 4.5.0 Local Privilege Escalation
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine suffers from an elevation of privileges vulnerability that allows a simple authenticated user to change the executable file to a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full) for the 'Everyone' group. In combination with the insecure file permissions, the application suffers from an unquoted search path issue impacting the services 'WowzaStreamingEngine450' and 'WowzaStreamingEngineManager450' for Windows, deployed as part of the Wowza Streaming software. Version 4.5.0 build 18676 is affected.

tags | exploit
systems | windows
MD5 | b436a59d1a7e647bb91ff95d5aadac30
© 2019 Packet Storm. All rights reserved.