exploit the possibilities
Showing 1 - 17 of 17 RSS Feed

Files Date: 2016-08-11

Gentoo Linux Security Advisory 201608-01
Posted Aug 11, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201608-1 - Multiple vulnerabilities have been found in OptiPNG, the worst of which could lead to the remote execution of arbitrary code, or cause a Denial of Service condition. Versions less than 0.7.6 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-2191, CVE-2016-3981, CVE-2016-3982
MD5 | 5b098be54be389430e087729649eb0fe
Red Hat Security Advisory 2016-1596-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1596-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.

tags | advisory, web, javascript, xss, python
systems | linux, redhat
advisories | CVE-2016-6186
MD5 | 1bee7be03e616f5ce088093d21a97c91
Red Hat Security Advisory 2016-1595-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1595-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.

tags | advisory, web, javascript, xss, python
systems | linux, redhat
advisories | CVE-2016-6186
MD5 | e7b665d56d6cdea27c61a88d8794ae05
Red Hat Security Advisory 2016-1594-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1594-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Security Fix: A cross-site scripting flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related popup. Element.textContent is now used to prevent XSS data execution.

tags | advisory, web, javascript, xss, python
systems | linux, redhat
advisories | CVE-2016-6186
MD5 | ae57de7f8e8b4cb4d505d6f3bdc59790
DLL Side Loading In VMware Host Guest Client Redirector
Posted Aug 11, 2016
Authored by Yorick Koster | Site metasploit.com

A DLL side loading vulnerability was found in the VMware Host Guest Client Redirector, a component of VMware Tools. This issue can be exploited by luring a victim into opening a document from the attacker's share. An attacker can exploit this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet.

tags | exploit, arbitrary
advisories | CVE-2016-5330
MD5 | 17d5e356d106a90bcd1762361be04821
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution
Posted Aug 11, 2016
Authored by Pedro Ribeiro | Site metasploit.com

The NVRmini 2 Network Video Recorder and the ReadyNAS Surveillance application are vulnerable to an unauthenticated remote code execution on the exposed web administration interface. This results in code execution as root in the NVRmini and the 'admin' user in ReadyNAS. This exploit has been tested on several versions of the NVRmini 2 and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested in those devices.

tags | exploit, remote, web, root, code execution
advisories | CVE-2016-5674
MD5 | d40e6b7096ec53c035171a4378040b94
NUUO NVRmini 2 / Crystal / NETGEAR ReadyNAS Surveillance Authenticated Remote Code Execution
Posted Aug 11, 2016
Authored by Pedro Ribeiro | Site metasploit.com

The NVRmini 2 Network Video Recorder, Crystal NVR and the ReadyNAS Surveillance application are vulnerable to an authenticated remote code execution on the exposed web administration interface. An administrative account is needed to exploit this vulnerability. This results in code execution as root in the NVRmini and the 'admin' user in ReadyNAS. This exploit has been tested on several versions of the NVRmini 2, Crystal and the ReadyNAS Surveillance. It probably also works on the NVRsolo and other Nuuo devices, but it has not been tested in those devices.

tags | exploit, remote, web, root, code execution
advisories | CVE-2016-5675
MD5 | d61e75ee975d366c5637cabef3503939
Netcore Router Udp 53413 Backdoor
Posted Aug 11, 2016
Authored by h00die, Nixawk | Site metasploit.com

Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cyber criminals to easily run arbitrary code on these routers, rendering it vulnerable as a security device. Some models include a non-standard echo command which doesn't honor -e, and are therefore not currently exploitable with Metasploit. See URLs or module markdown for additional options.

tags | exploit, arbitrary
MD5 | 344cf1d43d84d79b6807431fd61e8450
SAP CAR Archive Tool Denial Of Service / Security Bypass
Posted Aug 11, 2016
Authored by Core Security Technologies, Martin Gallo, Joaquin Rodriguez Varela | Site coresecurity.com

Core Security Technologies Advisory - SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
advisories | CVE-2016-5845, CVE-2016-5847
MD5 | e711534cc773eca194793a6b82ce5f46
Red Hat Security Advisory 2016-1589-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1589-01 - IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7 SR9-FP50. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-3511, CVE-2016-3598
MD5 | ea355f2d21286fd2cb35c13831465a50
Red Hat Security Advisory 2016-1588-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1588-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR3-FP50. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-3511, CVE-2016-3598
MD5 | f0eac489bb998271daeeab251b6861a8
Red Hat Security Advisory 2016-1587-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1587-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR3-FP10. Security Fix: This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2016-3511, CVE-2016-3598
MD5 | 9b9c3e6bf29c7cfea42c91b75ba75b31
Red Hat Security Advisory 2016-1593-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1593-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. Security Fix: A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-3192
MD5 | 41855980e74dbe293b1a3a099cb69dd4
Red Hat Security Advisory 2016-1592-01
Posted Aug 11, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1592-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. Security Fix: A denial of service flaw was found in the way Spring processes inline DTD declarations. A remote attacker could submit a specially crafted XML file that would cause out-of-memory errors when parsed.

tags | advisory, remote, denial of service
systems | linux, redhat
advisories | CVE-2015-3192
MD5 | 5d14bbeb7d20e813d607ad98ffdf60b6
Cisco Security Advisory 20160810-iosxr
Posted Aug 11, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the driver processing functions of Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a memory leak on the route processor (RP) of an affected device, which could cause the device to drop all control-plane protocols and lead to a denial of service condition (DoS) on a targeted system. The vulnerability is due to improper handling of crafted, fragmented packets that are directed to an affected device. An attacker could exploit this vulnerability by sending crafted, fragmented packets to an affected device for processing and reassembly. A successful exploit could allow the attacker to cause a memory leak on the RP of the device, which could cause the device to drop all control-plane protocols and eventually lead to a DoS condition on the targeted system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. However, there are mitigations for this vulnerability.

tags | advisory, remote, denial of service, protocol, memory leak
systems | cisco, osx
MD5 | e44858ceffa1bfb26a9c53dc008ab51e
Ubuntu Security Notice USN-3059-1
Posted Aug 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3059-1 - It was discovered that xmlrpc-epi incorrectly handled lengths in the simplestring_addn function. A remote attacker could use this issue to cause applications using xmlrpc-epi such as PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2016-6296
MD5 | ed4e66bf966e53b6df2df9140c2d96e9
Ubuntu Security Notice USN-3060-1
Posted Aug 11, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3060-1 - It was discovered that the GD library incorrectly handled certain malformed TGA images. If a user or automated system were tricked into processing a specially crafted TGA image, an attacker could cause a denial of service. It was discovered that the GD library incorrectly handled memory when using gdImageScale. A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-6132, CVE-2016-6207, CVE-2016-6214
MD5 | 7d621dddba087aab24409c5b09f8b6f5
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close