
Files Date: 2016-07-20

Gentoo Linux Security Advisory 201607-14
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-14 - A vulnerability in Ansible may allow local attackers to gain escalated privileges or write arbitrary files. Versions less than 1.9.6 are affected.

tags | advisory, arbitrary, local
systems | linux, gentoo
advisories | CVE-2016-3096
SHA-256 | 5abe34fb3432373e7e24b84ec2f041264edc4100c25d4e25c505f3aa830b83cf
Gentoo Linux Security Advisory 201607-13
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-13 - A buffer overflow in libbsd might allow remote attackers to execute arbitrary code. Versions less than 0.8.2 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2016-2090
SHA-256 | f356293130cc41f6c5d8ce93ce7fc682a43dcb6604dc3e0f868c6dca3d2c0fc3
Gentoo Linux Security Advisory 201607-12
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-12 - A local attacker could execute arbitrary code by providing unsanitized data to a data source or escalate privileges. Versions less than 4.87 are affected.

tags | advisory, arbitrary, local
systems | linux, gentoo
advisories | CVE-2014-2972
SHA-256 | 22534b373f0d93237acf41108fb6a56ff906ad77fd8c5a9ae003dd2dc9682857
Gentoo Linux Security Advisory 201607-11
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-11 - Multiple vulnerabilities have been found in Bugzilla, the worst of which could lead to the escalation of privileges. Versions less than 5.0.3 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8630
SHA-256 | 80a0902267c16233710208037b188bcd90eb15791d34baf0375c867b48579f49
Gentoo Linux Security Advisory 201607-10
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-10 - Improper input validation in Varnish allows remote attackers to conduct HTTP smuggling attacks, and possibly trigger a buffer overflow. Versions less than 3.0.7 are affected.

tags | advisory, remote, web, overflow
systems | linux, gentoo
advisories | CVE-2015-8852
SHA-256 | c34e7c2fcf5bec193bd0105cdbf6caa9e33b041e525c3094834b3e35b5bdb77a
Gentoo Linux Security Advisory 201607-09
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-9 - Apache Commons BeanUtils does not properly suppress the class property, which could lead to the remote execution of arbitrary code. Versions below 1.9.2 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2014-0114
SHA-256 | e796b79d0cecceb30859bf6409dd12a908bf0b6687463fd62c86692038a1b122
Gentoo Linux Security Advisory 201607-08
Posted Jul 20, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201607-8 - A vulnerability has been found in Dropbear, which allows remote authenticated users to bypass intended shell-command restrictions. Versions less than 2016.73 are affected.

tags | advisory, remote, shell
systems | linux, gentoo
advisories | CVE-2016-3116
SHA-256 | 37c6e42ccd2e3205e832bfa112c6fd71bfd4a0029363d1e168539226fbb72a83
Red Hat Security Advisory 2016-1439-01
Posted Jul 20, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1439-01 - Red Hat Single Sign-On 7.0 is a standalone server, based on the Keycloak project, that provides authentication and standards-based SSO capabilities for web and mobile applications. This asynchronous patch is a security update for the JGroups package in Red Hat Single Sign-On 7.0. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, web, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2016-2141
SHA-256 | 317cf16ea3dbb6853842f5156d6f798a461a36ad069b855b978b49ca6e73153c
Debian Security Advisory 3623-1
Posted Jul 20, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3623-1 - Scott Geary of VendHQ discovered that the Apache HTTPD server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi
systems | linux, debian
advisories | CVE-2016-5387
SHA-256 | 3f0f077fa580f9c70a712a8e940ea126c15ee5ca79bb2cc5ae3afdb0dbc13ec9
Oracle Patches 27 Vulnerabilities
Posted Jul 20, 2016
Authored by David Litchfield

A total of 27 vulnerabilities have been patched by Oracle. These affect eBusiness Suite R12.x and 11.5, Apex, Primavera, OBIEE, and Agile DB components. These issues include SQL injection, cross site scripting, XXE injection, SSRF, failed access controls, and more.

tags | exploit, vulnerability, xss, sql injection, xxe
advisories | CVE-2016-3448, CVE-2016-3467
SHA-256 | 1653be97a06d0c2cfb3b03919f6fc2b0e26ba7129144b78467d3acbf64b1587a
Wowza Streaming Engine 4.5.0 Cross Site Scripting
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 4.5.0 build 18676 is affected.

tags | exploit, arbitrary, vulnerability, xss
SHA-256 | 2523e79ab44f97c6ba12c7d6cca69bcb2705a67438d5e18cab9228b1987fd2b6
Wowza Streaming Engine 4.5.0 Cleartext Sensitive Information Storage
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine version 4.5.0 build 18676 stores sensitive information in cleartext within a resource that might be accessible to another control sphere. When the file is modified, the change is automatically applied to the application with a newly created user account. Wowza stores sensitive information such as the username and password in cleartext in the admin.password file, which is readable by local users.

tags | exploit, local
SHA-256 | 6aeb40c49c98f54885a81500ea883a8c18636e37e6a4106edc674c11c35d726c
Wowza Streaming Engine 4.5.0 Cross Site Request Forgery
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine version 4.5.0 build 18676 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 62f01e79af598b0742b989b77d2439edfb0e0bc768e7e6c6f6a1d2e4736744c2
Wowza Streaming Engine 4.5.0 Remote Privilege Escalation
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

The Wowza Streaming Engine application suffers from a privilege escalation issue. A normal (read-only) user can elevate his/her privileges by sending a POST request that sets the parameter 'accessLevel' to 'admin', gaining admin rights, and/or sets the parameter 'advUser' to 'true' and '_advUser' to 'on', gaining advanced admin rights. Version 4.5.0 build 18676 is affected.

tags | exploit
SHA-256 | 6dff3829d868f5291d523f9273d16a035430766d14c73adc9a0bea44fd2a9c99
Wowza Streaming Engine 4.5.0 Local Privilege Escalation
Posted Jul 20, 2016
Authored by LiquidWorm | Site zeroscience.mk

Wowza Streaming Engine suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user who can replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' flag (Full) for the 'Everyone' group. In combination with insecure file permissions, the application suffers from an unquoted search path issue impacting the services 'WowzaStreamingEngine450' and 'WowzaStreamingEngineManager450' for Windows deployed as part of Wowza Streaming software. Version 4.5.0 build 18676 is affected.

tags | exploit
systems | windows
SHA-256 | d540e3f2fcd68f2e6da510dff4fc2e5afbf1649659c608d2f1f24e39cb9e934c

© 2022 Packet Storm. All rights reserved.
