the original cloud security
Showing 1 - 14 of 14 RSS Feed

Files Date: 2016-07-22

NetBSD mail.local(8) Local Root
Posted Jul 22, 2016
Authored by Akat1

NetBSD mail.local(8) local root exploit that leverages a race condition as noted in NetBSD-SA2016-006.

tags | exploit, local, root
systems | netbsd
advisories | CVE-2016-6253
MD5 | da3f7174a3da6c72191ca5cb6e44a124
Barracuda Web App Firewall / Load Balancer Remote Root
Posted Jul 22, 2016
Authored by Russell Sanford | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in the Barracuda Web App Firewall Firmware version 8.0.1.007 and below and Load Balancer Firmware versions 5.4.0.004 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configurations on the appliances.

tags | exploit, remote, web, root
MD5 | e1a7bb9cde66071052ef2852ba90e603
Barracuda Spam And Virus Firewall 5.1.3.007 Remote Root
Posted Jul 22, 2016
Authored by Russell Sanford | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in the Barracuda Spam and Virus firewall firmware versions 5.1.3.007 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do to relaxed sudo configuration on the local machine.

tags | exploit, remote, web, local, root, virus
MD5 | 2a96fb51418e508bdae5e924090c797d
Rapid7 AppSpider 6.12 Privilege Escalation
Posted Jul 22, 2016
Authored by LiquidWorm | Site zeroscience.mk

Rapid7 AppSpider version 6.12 web application vulnerability scanner suffers from an unquoted search path issue impacting the services 'AppSpider REST Server', 'AppSpider REST Service' and 'AppSpiderUpgradeService' for Windows deployed as part of AppSpider solution. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user's code would execute with the elevated privileges of the application.

tags | exploit, web, arbitrary, local, root
systems | windows
MD5 | c1ee868f5b0f95d997aa0ee05c17c679
TeamPass Passwords Management System 2.1.26 File Download
Posted Jul 22, 2016
Authored by Hasan Emre Ozer

TeamPass Passwords Management System versions 2.1.26 and below suffer from an unauthenticated arbitrary file download vulnerability.

tags | exploit, arbitrary
MD5 | 34adada6439a4ff0125697f7f17b27ec
Debian Security Advisory 3625-1
Posted Jul 22, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3625-1 - Several security issues have been discovered in the Squid caching proxy.

tags | advisory
systems | linux, debian
advisories | CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556
MD5 | ddd48ef65a64fd9bd1cf477eedf0977a
Slackware Security Advisory - gimp Updates
Posted Jul 22, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-4994
MD5 | 822688917f6b70b5276b83764b0eeb95
Slackware Security Advisory - php Updates
Posted Jul 22, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2016-5385, CVE-2016-6207
MD5 | e5a6bb3c5f32f84e2e4a02c3b6c5b311
HP Security Bulletin HPSBGN03631 1
Posted Jul 22, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03631 1 - A potential security vulnerability has been identified with HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service
advisories | CVE-2016-3092
MD5 | 89fa2a7e800fca1cc68c588fd8ee3dad
Debian Security Advisory 3624-1
Posted Jul 22, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3624-1 - Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.50. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440
MD5 | 180fd189cb0dde3b66500b2bc724f8b0
Cisco Security Advisory 20160721-asn1c
Posted Jul 22, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. The vulnerability is due to unsafe code generation by the ASN1C compiler when creating ASN.1 translation functions that are subsequently included within affected Cisco products. An attacker could exploit this vulnerability by submitting a malicious Abstract Syntax Notation One (ASN.1) encoded message designed to trigger the issue to an affected function. US-CERT has released Vulnerability Note VU#790839 to document the issue. Cisco will release software updates that address this vulnerability.

tags | advisory, remote, denial of service, arbitrary
systems | cisco
MD5 | 0fa0c9572a597a8eeaceccebda7cba5f
CA eHealth Denial Of Service / Code Execution
Posted Jul 22, 2016
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to multiple potential risks with CA eHealth. Two vulnerabilities exist in the web interface that can allow a remote authenticated attacker to cause a denial of service condition or possibly execute arbitrary commands. CA technologies assigned a High risk rating to these vulnerabilities. CA has a solution available.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
advisories | CVE-2016-6151, CVE-2016-6152
MD5 | f7990d61d3ee66e05bab70896370a561
Slackware Security Advisory - bind Updates
Posted Jul 22, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-2775
MD5 | d4cd4048a532c8fc589dbc7a6112f642
Apache POI 3.5 XML Injection
Posted Jul 22, 2016
Authored by Mauro Gentile

Apache POI's XLSX2CSV example suffers from an XML external entity injection vulnerability. Versions 3.13 through 3.5 are affected.

tags | advisory
advisories | CVE-2016-5000
MD5 | ffbda140415d07d8fb94b9b5d2f4e402
Page 1 of 1
Back1Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close