what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-08-05

Cisco Security Advisory 20160804-wedge
Posted Aug 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the processing of Network Time Protocol (NTP) packets by Cisco IOS could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP packets to be processed by an affected device. An exploit could allow the attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability; however, there is a mitigation for this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | d7ed846fd6ca8dcae4206ce7734247e29aa55be5e168fad0c5556574405675ee
Debian Security Advisory 3641-1
Posted Aug 5, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3641-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox or denial of service.

tags | advisory, java, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3606
SHA-256 | 171a166d3418bd10a7c29d4d619d66cf69f6fa2e29276ff7a73cef8c5bc549f3
Ubuntu Security Notice USN-3046-1
Posted Aug 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3046-1 - Yves Younan and Richard Johnson discovered that LibreOffice incorrectly handled presentation files. If a user were tricked into opening a specially crafted presentation file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1513
SHA-256 | 12a124b6b3f752559ac8080acff816bba17fdb6a8d50dcbca10baa185ab91344
Red Hat Security Advisory 2016-1573-01
Posted Aug 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1573-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line() function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code.

tags | advisory, remote, web, overflow, arbitrary, cgi
systems | linux, redhat
advisories | CVE-2016-5408
SHA-256 | 8ecfd4468bdf5c270b2a694d9f7eb8b66f3441dff021e7acaf9b4ba8c23716ce
Ubuntu Security Notice USN-3041-1
Posted Aug 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3041-1 - Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service or execute arbitrary code. It was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1705, CVE-2016-1706, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5137
SHA-256 | a894dd337e1dbc99720884f2cbf398faec9048d78d41ec516e1a6b452cd51967
Ubuntu Security Notice USN-3044-1
Posted Aug 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3044-1 - Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. Toni Huttunen discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the page is closed. A remote attacker could potentially exploit this to track users, resulting in information disclosure. Various other issues were also addressed.

tags | advisory, remote, denial of service, info disclosure
systems | linux, ubuntu
advisories | CVE-2016-0718, CVE-2016-2830, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250, CVE-2016-5251, CVE-2016-5252, CVE-2016-5254, CVE-2016-5255, CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-5266, CVE-2016-5268
SHA-256 | 107aea46d43767c24d152b35ee26b6d29d2d088ed48f4b1e3d272428623578a4
Ubuntu Security Notice USN-3047-1
Posted Aug 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3047-1 - Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use th is issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-4439, CVE-2016-4441, CVE-2016-4453, CVE-2016-4454, CVE-2016-4952, CVE-2016-5105, CVE-2016-5106, CVE-2016-5107, CVE-2016-5126, CVE-2016-5238, CVE-2016-5337, CVE-2016-5338, CVE-2016-5403, CVE-2016-6351
SHA-256 | bcefab0e4c0425ce4a72b7328693b95ea5ed7a47800b8d6f73f293a7b21d1431
LibGD 2.2.2 Integer Overflow / Denial Of Service
Posted Aug 5, 2016
Authored by Kasper Leigh Haabb | Site secunia.com

Secunia Research has discovered a vulnerability in LibGD, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an integer overflow error within the "_gdContributionsAlloc()" function (gd_interpolation.c) and can be exploited to cause an out-of-bounds memory write access or exhaust available memory. Version 2.2.2 is affected.

tags | advisory, denial of service, overflow
advisories | CVE-2016-6207
SHA-256 | 92998209c35159f509bfca3cc0a070d94e80e86cc3547b28a2fad9d5f643df14
VMware vSphere Hypervisor (ESXi) HTTP Response Injection
Posted Aug 5, 2016
Authored by Matthias Deeg | Site syss.de

The SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable to HTTP response injection attacks, as arbitrarily supplied URL parameters are copied in the HTTP header Location of the server response without sufficient input validation. Thus, an attacker can create a specially crafted URL with a specific URL parameter that injects attacker-controlled data to the response of the VMware ESXi web server. Depending on the context, this allows different attacks. If such a URL is visited by a victim, it may for example be possible to set web browser cookies in the victim's web browser, execute arbitrary JavaScript code, or poison caches of proxy servers.

tags | exploit, web, arbitrary, javascript
advisories | CVE-2016-5331
SHA-256 | 0ea7840b55195ffc59088e4202c17bca17d25971220fb512df76ebf66e0575f9
Subrion CMS 4.0.5 SQL Injection
Posted Aug 5, 2016
Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com

Subrion CMS version 4.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | bb75027c0fd8158ce62624a0f4ce805abec0311edb5fed4a326ca7c2c75fef12
Typesettercms 5.0.1 Cross Site Request Forgery
Posted Aug 5, 2016
Authored by Vulnerability Laboratory, ZwX | Site vulnerability-lab.com

Typesettercms version 5.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 97f93bf58a656584b78e206066c4d69552a6049b2f557986e6908db85e94f3b8
FortiCloud Cross Site Scripting
Posted Aug 5, 2016
Authored by Vulnerability Laboratory, Lawrence Amer | Site vulnerability-lab.com

The Reports Summary functionality of FortiCloud suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 9da9ff1510507abfc56a0369b5d84e17ad47e2ad9a5bf8e9c340f67c0b7662c3
SMB Delivery Module
Posted Aug 5, 2016
Authored by Andrew Smith, Russel Van Tuyl | Site metasploit.com

This Metasploit module serves payloads via an SMB server and provides commands to retrieve and execute the generated payloads. Currently supports DLLs and Powershell.

tags | exploit
SHA-256 | 5b9116475555e1a210055376f6f5b609d8eb365cce5fbb76c27ed32be445400e
Sophos Mobile Control 3.5.0.3 Open Reverse Proxy
Posted Aug 5, 2016
Authored by Tim Kretschmann

Sophos EAS Proxy is part of the Enterprise Mobility Management (EMM) platform Sophos Mobile Control, which allows control of mail access for managed mobile devices. Anonymous attackers can access any web-resources of the backend mail system like Microsoft Exchange or IBM Domino, if Lotus Traveler option is enabled. Brute force attacks against users in the backend mail system are also possible. Version 3.5.0.3 is affected.

tags | exploit, web
advisories | CVE-2016-6597
SHA-256 | 13292e8189bb32eb950d3a3ed393223e5c68751d34f25e1d5312f596b3dfaf82
Davolink DV-2051 Missing Access Control
Posted Aug 5, 2016
Authored by Eric Flokstra

Davolink DV-2051 suffers from a missing access control vulnerability.

tags | exploit, bypass
SHA-256 | 529fab643e46a9923439cedec6433afa1d5748b5345eb0c43795400ba84a058c
PHP Power Browse 1.2 Path Traversal
Posted Aug 5, 2016
Authored by Manuel Mancera

PHP Power Browse version 1.2 suffers from a path traversal vulnerability.

tags | exploit, php, file inclusion
SHA-256 | 8b8a162d3c14e0c64a9a05aaa6b102b2d3a4f2860961284d59c4a70a705e79fd
ntop 2.5 Cross Site Request Forgery / Command Execution
Posted Aug 5, 2016
Authored by Javier Marcos

ntop versions 2.3 through 2.5 suffer from cross site request forgery and multiple command execution vulnerabilities.

tags | exploit, vulnerability, csrf
SHA-256 | 770164a4c0f417e2ef356a07c6c292ea91afaec8f9f033750324569d2304ea69
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close