what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

Files Date: 2016-08-17

GNU Privacy Guard 1.4.21
Posted Aug 17, 2016
Site gnupg.org

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.

Changes: Added dummy option --with-subkey-fingerprint. Updated Russian translation. Various other updates and tweaks.
tags | tool, encryption
MD5 | 9bdeabf3c0f87ff21cb3f9216efdd01d
Red Hat Security Advisory 2016-1625-02
Posted Aug 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1625-02 - This release of Red Hat JBoss Core Services Service Pack 1 serves as a replacement for JBoss Core Services Apache HTTP Server. Security Fix: It was discovered that Apache HTTP Server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi
systems | linux, redhat
advisories | CVE-2016-5387
MD5 | ae02625deda15d1643d5fbb5170161d8
Red Hat Security Advisory 2016-1624-01
Posted Aug 17, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1624-01 - This release of Red Hat JBoss Web Server 3.0.3 Service Pack 1 serves as a update for Red Hat JBoss Web Server 3.0.3 httpd and tomcat. Security Fix: It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi
systems | linux, redhat
advisories | CVE-2016-5387, CVE-2016-5388
MD5 | ebdbb54fd7f5f8bb1d657fca632ba0f8
Faraday 2.0.0
Posted Aug 17, 2016
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Added Faraday Server. Improved performance in web UI. Added some basic APIs to Faraday Server. Added licenses management section in web UI. Various other updates and changes.
tags | tool, rootkit
systems | unix
MD5 | 873c9172bb370ec9cba8d07e4b9dca34
Siemens IP-Camera Unauthenticated Remote Credential Disclosure
Posted Aug 17, 2016
Authored by Yakir Wizman

Siemens IP-Camera versions x.2.2.1798, CxMS2025_V2458_SP1, x.2.2.1798, and x.2.2.1235 suffer from an unauthenticated credential disclosure vulnerability.

tags | exploit, info disclosure
MD5 | 63fb7209a08bfe3214d2d984360780a6
Microsoft Windows Kernel win32k.sys FON Divide-By-Zero
Posted Aug 17, 2016
Authored by Google Security Research, mjurczyk

There exists a Microsoft Windows kernel win32k.sys FON font processing divide-by-zero exception in win32k!MAPPER::bFoundExactMatch.

tags | exploit, kernel
systems | windows
MD5 | cadd007874278c5a14d77cca054399cf
Microsoft GDI+ EMR_EXTTEXTOUTA / EMR_POLYTEXTOUTA Buffer Overflow
Posted Aug 17, 2016
Authored by Google Security Research, mjurczyk

There exists a Microsoft GDI+ heap-based buffer overflow vulnerability in the handling of EMR_EXTTEXTOUTA and EMR_POLYTEXTOUTA records.

tags | exploit, overflow
advisories | CVE-2016-3304
MD5 | 2e6415e3d1de6e523101215ad8e76d95
Microsoft GDI+ DecodeCompressedRLEBitmap Out-Of-Bounds Write
Posted Aug 17, 2016
Authored by Google Security Research, mjurczyk

Microsoft GDI+ out-of-bounds write proof of concept exploit that works due to invalid pointer arithmetic in DecodeCompressedRLEBitmap.

tags | exploit, proof of concept
advisories | CVE-2016-3301
MD5 | ed4ca067a0a3dbfed17f7574c32d899d
Microsoft GDI+ ValidateBitmapInfo Out-Of-Bounds Write
Posted Aug 17, 2016
Authored by Google Security Research, mjurczyk

Microsoft GDI+ out-of-bounds write proof of concept exploit that works due to invalid pointer arithmetic in ValidateBitmapInfo.

tags | exploit, proof of concept
advisories | CVE-2016-3303
MD5 | e076fd55171c0047b67378cb671f502f
NetIQ Access Manager iManager 2.7.7.6 / 2.7.7.5 Cross Site Scripting
Posted Aug 17, 2016
Authored by Micha Borrmann

NetIQ Access Manager iManager versions 2.7.7.5 and 2.7.7.6 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 122b37c25373344025612533ceaac6a3
Ubuntu Security Notice USN-3063-1
Posted Aug 17, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3063-1 - Tobias Stoeckmann discovered that Fontconfig incorrectly handled cache files. A local attacker could possibly use this issue with a specially crafted cache file to elevate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2016-5384
MD5 | 9bf6b3c88fdc3e8aa92e0a37447cf9fb
Cisco Security Advisory 20160817-fmc
Posted Aug 17, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to perform unauthorized remote command execution on the affected device. The vulnerability is due to insufficient authorization checking. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to execute system commands with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web, root
systems | cisco
MD5 | acc267508f37dd32d57b2257467d6b39
Cisco Security Advisory 20160817-apic
Posted Aug 17, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient input sanitization during the Grapevine update process. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands into an upgrade parameter. An exploit could allow the attacker to execute arbitrary commands on the affected system with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, arbitrary, root
systems | cisco
MD5 | cc4d376cccc340224ee5ccc8fc5fb71c
Cisco Security Advisory 20160817-firepower
Posted Aug 17, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the web-based GUI of Cisco Firepower Management Center and Cisco Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services could allow an authenticated, remote attacker to elevate the privileges of user accounts on the affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted HTTP requests to the affected device. Successful exploitation could allow an authenticated attacker to elevate the privileges of user accounts configured on the device. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, web
systems | cisco
MD5 | 7a116186d829116419d9ac3e1fab852d
Ubuntu Security Notice USN-3062-1
Posted Aug 17, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3062-1 - Multiple vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service, expose sensitive data over the network, or possibly execute arbitrary code. A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, vulnerability, info disclosure
systems | linux, ubuntu
advisories | CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610
MD5 | b47fac7efd1528e6ed4c4722c629022d
Page 1 of 1
Back1Next

File Archive:

September 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    5 Files
  • 2
    Sep 2nd
    5 Files
  • 3
    Sep 3rd
    3 Files
  • 4
    Sep 4th
    13 Files
  • 5
    Sep 5th
    16 Files
  • 6
    Sep 6th
    15 Files
  • 7
    Sep 7th
    20 Files
  • 8
    Sep 8th
    16 Files
  • 9
    Sep 9th
    4 Files
  • 10
    Sep 10th
    2 Files
  • 11
    Sep 11th
    15 Files
  • 12
    Sep 12th
    19 Files
  • 13
    Sep 13th
    20 Files
  • 14
    Sep 14th
    38 Files
  • 15
    Sep 15th
    31 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    7 Files
  • 18
    Sep 18th
    15 Files
  • 19
    Sep 19th
    40 Files
  • 20
    Sep 20th
    8 Files
  • 21
    Sep 21st
    1 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close