exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 333 RSS Feed

Files Date: 2016-09-01 to 2016-09-30

Ubuntu Security Notice USN-3094-1
Posted Sep 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3094-1 - Andrew Ayer discovered that Systemd improperly handled zero-length notification messages. A local unprivileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
SHA-256 | 1ba872a1536aaaeaf458159274b73bb4073e6d16e22c38eb09ab3ccef17531aa
HP Security Bulletin HPSBGN03650 1
Posted Sep 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03650 1 - A potential vulnerability has been identified in HPE Network Automation Software. The vulnerability could be locally exploited to allow arbitrary file modification. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2016-4386
SHA-256 | f8b48858bf63376d452f7789a5a4547fe95c190a9693ab9d2026dac1ad2a3697
Red Hat Security Advisory 2016-1978-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1978-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Security Fix: It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-1000111
SHA-256 | d5e3aa646dfd2f8b3f78548122631ae45d15ee8081e7f70b40011002ec277d92
Red Hat Security Advisory 2016-1967-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1967-01 - The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer Application Programming Interface.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5432
SHA-256 | 1dad5da83832d848a306c7a1c3edafe684ebd92107f66f7df2652aa86e3cb1b4
Red Hat Security Advisory 2016-1973-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1973-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7031
SHA-256 | 6495d29df539e95c5eb0e5c071fc29f9cec2d96539c046e52d8534cc8724c963
Red Hat Security Advisory 2016-1972-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1972-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7031
SHA-256 | db68653a7b9b6241ac1ee45d0848b57d281fc69b1882bad6922e32fdea8a52c6
Revive Adserver 3.2.4 XSS / File Download / Element Injection
Posted Sep 29, 2016
Authored by Matteo Beccati

Revive Adserver versions 3.2.4 and below suffers from reflected file download, cross site scripting, and special element injection.

tags | advisory, xss
SHA-256 | b2af95d062de5bdc30f259d6beea9ba5dac6df00433eebde912fe2a5cbc3d161
Cisco Security Advisory 20160928-smi
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.

tags | advisory, remote, denial of service, tcp, memory leak
systems | cisco, osx
SHA-256 | a148836287ff37df7a6160852705022c6c49dfe1768ef65b38854aac3c0eda81
Cisco Security Advisory 20160928-msdp
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). The first vulnerability (Cisco bug ID CSCud36767) is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart. The second vulnerability (Cisco bug ID CSCuy16399) is due to insufficient checking of packets encapsulated in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. A successful exploit could cause the affected device to restart. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | cisco, osx
SHA-256 | d3cbfed6645f0353d9f26d0202653f9ac87d273cd24d9c0bcc14ae58b5e26409
Cisco Security Advisory 20160928-ios-ikev1
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of crafted, fragmented IKEv1 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, udp
systems | cisco, osx
SHA-256 | d793fb6c1d8ef6ea8e7c13e8efc3182402fd3c886bdf151b007edd76785c075b
Cisco Security Advisory 20160928-esp-nat
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of malformed ICMP packets by the affected software. An attacker could exploit this vulnerability by sending crafted ICMP packets that require NAT processing by an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
SHA-256 | 6bdab0ea549f484bd1e3d255ccb898389ec19764b4d60f337ed86ae3d6cf68ea
Cisco Security Advisory 20160928-cip
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device. An attacker could exploit this vulnerability by submitting a CIP message request designed to trigger the vulnerability to an affected device. An exploit could cause the switch to stop processing traffic, requiring a restart of the device to regain functionality. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
SHA-256 | 7eeed3c340b1022fe38348b497c56616974dcd7243014d0affae46bb15082884
Cisco Security Advisory 20160928-aaados
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Authentication, Authorization, and Accounting (AAA) service for remote Secure Shell Host (SSH) connections to the device for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the vulnerable device to reload. The vulnerability is due to an error log message when a remote SSH connection to the device fails AAA authentication. An attacker could exploit this vulnerability by attempting to authenticate to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

tags | advisory, remote, denial of service, shell
systems | cisco, osx
SHA-256 | 09a0906cb0093e06d2d1f40eeea5a1464121a24f7bffb46b62cadd140729789a
Ubuntu Security Notice USN-3092-1
Posted Sep 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3092-1 - Stefan Metzmacher discovered that Samba incorrectly handled certain flags in SMB2/3 client connections. A remote attacker could use this issue to disable client signing and impersonate servers by performing a man in the middle attack. Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. In addition to the security fix, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2119
SHA-256 | 4edf165016c2460e921c064dc440ed429814ccfc70919740ee86f63fba19fc88
Red Hat Security Advisory 2016-1969-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1969-01 - This release of Red Hat JBoss BPM Suite 6.3.3 serves as a replacement for Red Hat JBoss BPM Suite 6.3.2, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote, authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-5398
SHA-256 | 2cc79cd62732a63158a0f117f349639a1843a06e425e0ea5c8c42481ccf377db
Red Hat Security Advisory 2016-1968-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1968-01 - This release of Red Hat JBoss BRMS 6.3.3 serves as a replacement for Red Hat JBoss BRMS 6.3.2, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote, authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-5398
SHA-256 | 5831a7110053a2c2722e2d3f6c7c6cc8c7c1f948b48e8571056c4c3c280277aa
Ubuntu Security Notice USN-3093-1
Posted Sep 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3093-1 - It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1371, CVE-2016-1372, CVE-2016-1405
SHA-256 | 341041e7f8d7c1fd9f4abcb699474d38b7f691167229020b13c273277e5c2fc4
Red Hat Security Advisory 2016-1944-01
Posted Sep 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1944-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-2776
SHA-256 | 63f1574ac630676fcf0eff4827fb27a6d2d47e11f2e55f0e0d10550f09bf49f6
Red Hat Security Advisory 2016-1945-01
Posted Sep 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1945-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-2776
SHA-256 | be43c5a097e942ecd307ebf4297bc06f0d866bd50f9d3352b9a0006c698abcc0
Symantec Messaging Gateway 10.6.1 Directory Traversal
Posted Sep 28, 2016
Authored by R-73eN

Symantec Messaging Gateway versions 10.6.1 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2016-5312
SHA-256 | 23dad5e838b6046a002fbf6522886e375030f3559a852920266cc22b7246dc03
Cisco Security Advisory 20160927-openssl
Posted Sep 28, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2016-2178, CVE-2016-2183
SHA-256 | 8a01e5818235e52620d9168ec7848771a0b5ee468ce6cb8088cecce9cffb935e
Slackware Security Advisory - bind Updates
Posted Sep 28, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-2776
SHA-256 | fa36deda59b2671cb8b2e580d7603a1022589c6028f745b10155c2f43650482a
D-Link DWR-932B Backdoors / Default WPS PIN
Posted Sep 28, 2016
Authored by Pierre Kim

D-Link DWR-932B suffers from backdoor accounts, default WPS PIN, weak WPS PIN generation, and various other bad security practices and issues.

tags | exploit
SHA-256 | c6622e059d37bef9eede516a3030b6a743db38a5cd314be7e8c8d9f7cd9c8022
Exponent CMS 2.3.9 Cross Site Scripting
Posted Sep 28, 2016
Authored by indoushka

Exponent CMS version 2.3.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 816a6aa0ebc0fcfe56debdb5c17f8ac1d66b9b19c5aee73f74e398c5bd601fa8
VLC Media Player 2.2.1 Buffer Overflow
Posted Sep 28, 2016
Authored by sultan albalawi

VLC Media Player version 2.2.1 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 8d54ac5735ae7e4cb830045676f5c7c657f8076814f587a26a777142ade24e68
Page 1 of 14
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close