accept no compromises
Showing 1 - 25 of 332 RSS Feed

Files Date: 2016-09-01 to 2016-09-30

Ubuntu Security Notice USN-3094-1
Posted Sep 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3094-1 - Andrew Ayer discovered that Systemd improperly handled zero-length notification messages. A local unprivileged attacker could use this to cause a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
MD5 | c4fd829e88107c79cd04f98d9742c046
HP Security Bulletin HPSBGN03650 1
Posted Sep 29, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03650 1 - A potential vulnerability has been identified in HPE Network Automation Software. The vulnerability could be locally exploited to allow arbitrary file modification. Revision 1 of this advisory.

tags | advisory, arbitrary
advisories | CVE-2016-4386
MD5 | b67fc20c9fbbf040a8b0ab8a56ef66b0
Red Hat Security Advisory 2016-1978-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1978-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Security Fix: It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

tags | advisory, remote, web, cgi, python
systems | linux, redhat
advisories | CVE-2016-1000111
MD5 | 51d8e2299330edaa913b00676551d000
Red Hat Security Advisory 2016-1967-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1967-01 - The Red Hat Virtualization Manager is a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a User Portal, and a Representational State Transfer Application Programming Interface.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-5432
MD5 | d5fa2512a5e5e210974425d5d28e2cd2
Red Hat Security Advisory 2016-1973-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1973-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7031
MD5 | 0dcce17f56e2873c36e752a4ef1b2117
Red Hat Security Advisory 2016-1972-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1972-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix: A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7031
MD5 | 1f84ebf409df75c4dc9b6a2c076da8ab
Revive Adserver 3.2.4 XSS / File Download / Element Injection
Posted Sep 29, 2016
Authored by Matteo Beccati

Revive Adserver versions 3.2.4 and below suffers from reflected file download, cross site scripting, and special element injection.

tags | advisory, xss
MD5 | 440b8783a596b296a356c2c335307e10
Cisco Security Advisory 20160928-smi
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - The Smart Install client feature in Cisco IOS and IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to cause a memory leak and eventual denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect handling of image list parameters. An attacker could exploit this vulnerability by sending crafted Smart Install packets to TCP port 4786. A successful exploit could cause a Cisco Catalyst switch to leak memory and eventually reload, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability other than disabling Smart Install functionality on the affected device.

tags | advisory, remote, denial of service, tcp, memory leak
systems | cisco, osx
MD5 | f4a1186c6866c8953658abc16723759c
Cisco Security Advisory 20160928-msdp
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Multiple vulnerabilities in the multicast subsystem of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The issues are in IPv4 Multicast Source Discovery Protocol (MSDP) and IPv6 Protocol Independent Multicast (PIM). The first vulnerability (Cisco bug ID CSCud36767) is due to insufficient checking of MSDP Source-Active (SA) messages received from a configured MSDP peer. An attacker who can send traffic to the IPv4 address of a device could exploit this vulnerability by sending a packet designed to trigger the issue to the affected device. A successful exploit could cause the affected device to restart. The second vulnerability (Cisco bug ID CSCuy16399) is due to insufficient checking of packets encapsulated in a PIM register message. An attacker who can send a malformed IPv6 PIM register packet to a PIM rendezvous point (RP) could exploit the vulnerability. A successful exploit could cause the affected device to restart. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | cisco, osx
MD5 | 43cc4297092d1bd5caa70fda605ff287
Cisco Security Advisory 20160928-ios-ikev1
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Internet Key Exchange version 1 (IKEv1) fragmentation code of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an exhaustion of available memory or a reload of the affected system. The vulnerability is due to the improper handling of crafted, fragmented IKEv1 packets. An attacker could exploit this vulnerability by sending crafted UDP packets to the affected system. An exploit could allow the attacker to cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, udp
systems | cisco, osx
MD5 | 2c70f7682ae53942ec87823035a10378
Cisco Security Advisory 20160928-esp-nat
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of malformed ICMP packets by the affected software. An attacker could exploit this vulnerability by sending crafted ICMP packets that require NAT processing by an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service
systems | cisco, osx
MD5 | 2271bd2366c3d705a7aec59912d5e82e
Cisco Security Advisory 20160928-cip
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Common Industrial Protocol (CIP) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to a failure to properly process an unusual, but valid, set of requests to an affected device. An attacker could exploit this vulnerability by submitting a CIP message request designed to trigger the vulnerability to an affected device. An exploit could cause the switch to stop processing traffic, requiring a restart of the device to regain functionality. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

tags | advisory, remote, denial of service, protocol
systems | cisco
MD5 | 04c5d0b2842abea63280ac5750d8553f
Cisco Security Advisory 20160928-aaados
Posted Sep 29, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Authentication, Authorization, and Accounting (AAA) service for remote Secure Shell Host (SSH) connections to the device for Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause the vulnerable device to reload. The vulnerability is due to an error log message when a remote SSH connection to the device fails AAA authentication. An attacker could exploit this vulnerability by attempting to authenticate to the targeted device. An exploit could allow the attacker to cause a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There is a workaround that addresses this vulnerability.

tags | advisory, remote, denial of service, shell
systems | cisco, osx
MD5 | f9cb5fe12bc2121506a1c0c12892f28d
Ubuntu Security Notice USN-3092-1
Posted Sep 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3092-1 - Stefan Metzmacher discovered that Samba incorrectly handled certain flags in SMB2/3 client connections. A remote attacker could use this issue to disable client signing and impersonate servers by performing a man in the middle attack. Samba has been updated to 4.3.11 in Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. In addition to the security fix, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-2119
MD5 | 0f4095c3461c3015fb2d40b12ecd9ad4
Red Hat Security Advisory 2016-1969-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1969-01 - This release of Red Hat JBoss BPM Suite 6.3.3 serves as a replacement for Red Hat JBoss BPM Suite 6.3.2, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote, authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-5398
MD5 | 4ba7860f16cff465fe3787f7ab6afd7f
Red Hat Security Advisory 2016-1968-01
Posted Sep 29, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1968-01 - This release of Red Hat JBoss BRMS 6.3.3 serves as a replacement for Red Hat JBoss BRMS 6.3.2, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: A security flaw was found in the way Business Process Editor displays the business process details to the user. A remote, authenticated attacker with privilege to create business processes could use this flaw to conduct stored XSS attacks against other users.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-5398
MD5 | fa0065fda1024ba84c3a0a0905bab043
Ubuntu Security Notice USN-3093-1
Posted Sep 29, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3093-1 - It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the ClamAV AppArmor profile.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-1371, CVE-2016-1372, CVE-2016-1405
MD5 | 06ff2ba7b17b939573a2c618aab7df2e
Red Hat Security Advisory 2016-1944-01
Posted Sep 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1944-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-2776
MD5 | 0a9cf15be2f099f58756e3ae45c58a08
Red Hat Security Advisory 2016-1945-01
Posted Sep 28, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1945-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-2776
MD5 | 2ac438580972c301dca25933e301d3cd
Symantec Messaging Gateway 10.6.1 Directory Traversal
Posted Sep 28, 2016
Authored by R-73eN

Symantec Messaging Gateway versions 10.6.1 and below suffer from a directory traversal vulnerability.

tags | exploit, file inclusion
advisories | CVE-2016-5312
MD5 | 474ec2043b4af5d87097d9a795722eb7
Cisco Security Advisory 20160927-openssl
Posted Sep 28, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities.

tags | advisory, vulnerability
systems | cisco
advisories | CVE-2016-2178, CVE-2016-2183
MD5 | 34494deb234d29dad0799daa1734e504
Slackware Security Advisory - bind Updates
Posted Sep 28, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-2776
MD5 | 5bd6ef6c1864f2c160ad714685f5238f
D-Link DWR-932B Backdoors / Default WPS PIN
Posted Sep 28, 2016
Authored by Pierre Kim

D-Link DWR-932B suffers from backdoor accounts, default WPS PIN, weak WPS PIN generation, and various other bad security practices and issues.

tags | exploit
MD5 | b2fbfed0ccd8e0f65c0d1132f585653d
Exponent CMS 2.3.9 Cross Site Scripting
Posted Sep 28, 2016
Authored by indoushka

Exponent CMS version 2.3.9 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 179ba2a379193b3ea1f574962dc801e0
VLC Media Player 2.2.1 Buffer Overflow
Posted Sep 28, 2016
Authored by sultan albalawi

VLC Media Player version 2.2.1 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
MD5 | 5c78fcc6e232c68394a721b5083f71b8
Page 1 of 14
Back12345Next

File Archive:

August 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    30 Files
  • 3
    Aug 3rd
    20 Files
  • 4
    Aug 4th
    17 Files
  • 5
    Aug 5th
    4 Files
  • 6
    Aug 6th
    2 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    18 Files
  • 9
    Aug 9th
    10 Files
  • 10
    Aug 10th
    24 Files
  • 11
    Aug 11th
    10 Files
  • 12
    Aug 12th
    3 Files
  • 13
    Aug 13th
    3 Files
  • 14
    Aug 14th
    10 Files
  • 15
    Aug 15th
    16 Files
  • 16
    Aug 16th
    18 Files
  • 17
    Aug 17th
    15 Files
  • 18
    Aug 18th
    17 Files
  • 19
    Aug 19th
    15 Files
  • 20
    Aug 20th
    11 Files
  • 21
    Aug 21st
    15 Files
  • 22
    Aug 22nd
    15 Files
  • 23
    Aug 23rd
    13 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close