This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
efc912a2ef7e938fa36df6787cd9d21b45463cd4f9d70764e9e61a961786691bThe login component of the Polycom Command Shell on Polycom HDX video endpints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.
548cc509510583c6e9073f79cf341d4f7d444c54333db5eee6854c756f2f9ecfTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
ef7b488e810aef88de330c0e20b0f8202df6271ec36d6e164ce3536c4e40d3aaRed Hat Security Advisory 2016-1539-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory.
a0ebfcaea69e03370b97678ac5b2af09385693a06588a694af826744d11bfd62Red Hat Security Advisory 2016-1538-01 - The golang packages provide the Go programming language compiler. The following packages have been upgraded to a newer upstream version: golang. Security Fix: An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack.
a49af167bda5963869cc3ce421f91751bc6f1030d72c76554c0eec5ddbbaef2dWordPress WangGuard plugin version 1.7.1 suffers from a cross site scripting vulnerability.
3051456cf2c889f689308508ff4c2b710884818fc46e3bee93704407dccdf0c6WordPress Uji Countdown plugin version 2.0.6 suffers from a cross site scripting vulnerability.
2eb875254f090d907a59a28a55943e84566f3430544df03b57979f23ad8ced80Zoll ePCR version 2.6.4 suffers from a malicious script insertion vulnerability.
02ff9733c2c364cbbbe62aed4f093ecda42c3f5df4f53f6935490c3498ed698aDocebo LMS version 6.9 suffers from a remote code execution vulnerability.
f524c2d024645aff1cf52aac28d1e4b8f18581d220d14822fa0547416aaade37Multiple versions of FortiManager allows for malicious script insertion attacks.
7df3f3e07f45ebb127ad2e79a9448064f5e6886f5a0d7c188ecee2f66517d7d9HP Security Bulletin HPSBGN03564 2 - A vulnerability in Apache Commons Collections for handling Java object deserialization was addressed by HPE Release Control. The vulnerability could be exploited remotely to allow code execution. Revision 2 of this advisory.
afdaca6bf17ef91c2a531287417315a9cb95c9979b6e134ca3e6f79bae9ab7dbRed Hat Security Advisory 2016-1532-02 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
ae0ec067d76f883f07ac5ae1dac7a6ee3601b9b24f9fbd3814d99d690ead6941Red Hat Security Advisory 2016-1541-03 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
993b6f46bf8ef0fd9c20f5a4cd5b31000f1cfdfbbebb96d3af8403e94e254c62Red Hat Security Advisory 2016-1547-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
ed518f90e6c9ad3adf207b0b3d18c196fe24aa28b1fe7abacc185d48bfa46c88Red Hat Security Advisory 2016-1546-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Security Fix: Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
d6d08c83372856ace1e74e57bd70ff4119f60d17795f1b25721f1313504053f7Ubuntu Security Notice 3045-1 - It was discovered that PHP incorrectly handled certain SplMinHeap::compare operations. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.
47fc0ea179e44d1fcb53b84c0bfce2c297ab17348494c2a4bfed673be21e1948HPE Security Bulletin HPSBUX03632 SSRT110194 1 - A potential security vulnerability has been identified in the HP-UX Mail Server running Sendmail. This vulnerability could be locally exploited to allow unauthorized disclosure of information. Revision 1 of this advisory.
2611e14853a5e7f2fd90830bc2ebfaf9ade33c054ba569656fb1ddfa30788e5aWikWiki version 2.1 suffers from a cross site scripting vulnerability.
e5e3d64c6c3e5347c0e6e3ef02dac0d6a5539c8bc5e33440dfd9c6a1c89cad45This archive contains all of the 189 exploits added to Packet Storm in July, 2016.
e13a439ebcbdc61a9426b21acafbdd760dda29f7fe1a26252403bdeab0c53605Joomla BreezingForms component version 1.8.x suffers from a remote file upload vulnerability. The vendor has contacted Packet Storm and has noted that the default installation does not allow for execution of files with a php extension. Further, the issue related to upload was addressed by Crosstec in February of 2016.
63717bcc7aa8aa7398593c0c628ebdcd52dc185b96e37f9597bc76663e440157WinSaber suffers from an unquoted service path privilege escalation vulnerability.
cd220dac4104cf53d7d592fbcd4594bb4ecb9762e472fd17e687a90b0f4ca4ef556 bytes large Windows 7/x86 localhost port scanner shellcode.
265d47836d04b2f6973e571051cc38405113337daf0ac49a78b9ef6d923ed8c3VUPlayer version 2.49 .pls file stack buffer overflow exploit with DEP bypass.
ee1c7e8c354d695397b108f6a9098e64d29ba1236833f715fdd3891a7e7e6ad7Guppy CMS version 5.01.03 suffers from a client-side cross site scripting vulnerability.
6195d576829b909832d59055cd73ace1271af43acf20833c99b77572cb8ea83544, 52 bytes Linux/x86 NetCat bind shell with port shellcode.
d3b7d912c04cefa1326935cd7d9db1c97b626cd012e0f44b92ac0445820ed834
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed