exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-08-05

Cisco Security Advisory 20160804-wedge
Posted Aug 5, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the processing of Network Time Protocol (NTP) packets by Cisco IOS could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to insufficient checks on clearing the invalid NTP packets from the interface queue. An attacker could exploit this vulnerability by sending a number of crafted NTP packets to be processed by an affected device. An exploit could allow the attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. Cisco released software updates that address this vulnerability. There are no workarounds that address this vulnerability; however, there is a mitigation for this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
MD5 | 0603b00297fbcd9e1b654faec7df9090
Debian Security Advisory 3641-1
Posted Aug 5, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3641-1 - Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox or denial of service.

tags | advisory, java, denial of service, vulnerability
systems | linux, debian
advisories | CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3606
MD5 | 8b7a4c297067c012039def28ff92f313
Ubuntu Security Notice USN-3046-1
Posted Aug 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3046-1 - Yves Younan and Richard Johnson discovered that LibreOffice incorrectly handled presentation files. If a user were tricked into opening a specially crafted presentation file, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1513
MD5 | f383d00695643f1c489997529dd48385
Red Hat Security Advisory 2016-1573-01
Posted Aug 5, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1573-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix: It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line() function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code.

tags | advisory, remote, web, overflow, arbitrary, cgi
systems | linux, redhat
advisories | CVE-2016-5408
MD5 | 15b2429a81a9c12b3390c34d17bbda3f
Ubuntu Security Notice USN-3041-1
Posted Aug 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3041-1 - Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service or execute arbitrary code. It was discovered that the PPAPI implementation does not validate the origin of IPC messages to the plugin broker process. A remote attacker could potentially exploit this to bypass sandbox protection mechanisms. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1705, CVE-2016-1706, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5137
MD5 | 963ea9bc7d8f1722aef9a51d8a5b38db
Ubuntu Security Notice USN-3044-1
Posted Aug 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3044-1 - Gustavo Grieco discovered an out-of-bounds read during XML parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or obtain sensitive information. Toni Huttunen discovered that once a favicon is requested from a site, the remote server can keep the network connection open even after the page is closed. A remote attacker could potentially exploit this to track users, resulting in information disclosure. Various other issues were also addressed.

tags | advisory, remote, denial of service, info disclosure
systems | linux, ubuntu
advisories | CVE-2016-0718, CVE-2016-2830, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250, CVE-2016-5251, CVE-2016-5252, CVE-2016-5254, CVE-2016-5255, CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-5266, CVE-2016-5268
MD5 | e28a474bdb19789cea82ed5d243b5ee3
Ubuntu Security Notice USN-3047-1
Posted Aug 5, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3047-1 - Li Qiang discovered that QEMU incorrectly handled 53C9X Fast SCSI controller emulation. A privileged attacker inside the guest could use th is issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-4439, CVE-2016-4441, CVE-2016-4453, CVE-2016-4454, CVE-2016-4952, CVE-2016-5105, CVE-2016-5106, CVE-2016-5107, CVE-2016-5126, CVE-2016-5238, CVE-2016-5337, CVE-2016-5338, CVE-2016-5403, CVE-2016-6351
MD5 | bc47352f46382b5dc3167a3e00a42dc3
LibGD 2.2.2 Integer Overflow / Denial Of Service
Posted Aug 5, 2016
Authored by Kasper Leigh Haabb | Site secunia.com

Secunia Research has discovered a vulnerability in LibGD, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an integer overflow error within the "_gdContributionsAlloc()" function (gd_interpolation.c) and can be exploited to cause an out-of-bounds memory write access or exhaust available memory. Version 2.2.2 is affected.

tags | advisory, denial of service, overflow
advisories | CVE-2016-6207
MD5 | ed019bcb65da1d0ea371b5c93b2e6467
VMware vSphere Hypervisor (ESXi) HTTP Response Injection
Posted Aug 5, 2016
Authored by Matthias Deeg

The SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable to HTTP response injection attacks, as arbitrarily supplied URL parameters are copied in the HTTP header Location of the server response without sufficient input validation. Thus, an attacker can create a specially crafted URL with a specific URL parameter that injects attacker-controlled data to the response of the VMware ESXi web server. Depending on the context, this allows different attacks. If such a URL is visited by a victim, it may for example be possible to set web browser cookies in the victim's web browser, execute arbitrary JavaScript code, or poison caches of proxy servers.

tags | exploit, web, arbitrary, javascript
advisories | CVE-2016-5331
MD5 | ede1d4f2aa61104f3c3b4333be7aa391
Subrion CMS 4.0.5 SQL Injection
Posted Aug 5, 2016
Authored by Benjamin Kunz Mejri | Site vulnerability-lab.com

Subrion CMS version 4.0.5 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ae4391cfc94ed25e20897143074ede12
Typesettercms 5.0.1 Cross Site Request Forgery
Posted Aug 5, 2016
Authored by ZwX | Site vulnerability-lab.com

Typesettercms version 5.0.1 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 81105609064d553b1fa072c4685574f1
FortiCloud Cross Site Scripting
Posted Aug 5, 2016
Authored by Lawrence Amer | Site vulnerability-lab.com

The Reports Summary functionality of FortiCloud suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | 243aa013bd2114e696751d6b36ad6a0d
SMB Delivery Module
Posted Aug 5, 2016
Authored by Andrew Smith, Russel Van Tuyl | Site metasploit.com

This Metasploit module serves payloads via an SMB server and provides commands to retrieve and execute the generated payloads. Currently supports DLLs and Powershell.

tags | exploit
MD5 | 0ad244265fa943ae5bebc9ea3dd8c58c
Sophos Mobile Control 3.5.0.3 Open Reverse Proxy
Posted Aug 5, 2016
Authored by Tim Kretschmann

Sophos EAS Proxy is part of the Enterprise Mobility Management (EMM) platform Sophos Mobile Control, which allows control of mail access for managed mobile devices. Anonymous attackers can access any web-resources of the backend mail system like Microsoft Exchange or IBM Domino, if Lotus Traveler option is enabled. Brute force attacks against users in the backend mail system are also possible. Version 3.5.0.3 is affected.

tags | exploit, web
advisories | CVE-2016-6597
MD5 | 24977ef9b66d45a0e285add435dd4ef1
Davolink DV-2051 Missing Access Control
Posted Aug 5, 2016
Authored by Eric Flokstra

Davolink DV-2051 suffers from a missing access control vulnerability.

tags | exploit, bypass
MD5 | f0b6086c98ead51572093a1cf0bd004c
PHP Power Browse 1.2 Path Traversal
Posted Aug 5, 2016
Authored by Manuel Mancera

PHP Power Browse version 1.2 suffers from a path traversal vulnerability.

tags | exploit, php, file inclusion
MD5 | 96cfcf051503816fcaaabe5565dbcfd5
ntop 2.5 Cross Site Request Forgery / Command Execution
Posted Aug 5, 2016
Authored by Javier Marcos

ntop versions 2.3 through 2.5 suffer from cross site request forgery and multiple command execution vulnerabilities.

tags | exploit, vulnerability, csrf
MD5 | 53434f7772039c89444a0d4dec747ce2
Page 1 of 1
Back1Next

File Archive:

April 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    21 Files
  • 2
    Apr 2nd
    35 Files
  • 3
    Apr 3rd
    21 Files
  • 4
    Apr 4th
    16 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    1 Files
  • 7
    Apr 7th
    2 Files
  • 8
    Apr 8th
    23 Files
  • 9
    Apr 9th
    19 Files
  • 10
    Apr 10th
    15 Files
  • 11
    Apr 11th
    14 Files
  • 12
    Apr 12th
    11 Files
  • 13
    Apr 13th
    2 Files
  • 14
    Apr 14th
    5 Files
  • 15
    Apr 15th
    14 Files
  • 16
    Apr 16th
    19 Files
  • 17
    Apr 17th
    19 Files
  • 18
    Apr 18th
    8 Files
  • 19
    Apr 19th
    4 Files
  • 20
    Apr 20th
    5 Files
  • 21
    Apr 21st
    1 Files
  • 22
    Apr 22nd
    10 Files
  • 23
    Apr 23rd
    22 Files
  • 24
    Apr 24th
    7 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close