the original cloud security
Showing 1 - 25 of 53 RSS Feed

Files Date: 2016-11-04

Rapid PHP Editor IDE 14.1 Cross Site Request Forgery / Code Execution
Posted Nov 4, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Rapid PHP Editor IDE version 14.1 suffers from a cross site request forgery vulnerability that can result in remote code execution.

tags | exploit, php, csrf
MD5 | f198e7df1fa8662aed794f89792b44fd
Sophos Web Appliance 4.2.1.3 Remote Code Execution
Posted Nov 4, 2016
Authored by Matthew Bergin | Site korelogic.com

Sophos Web Appliance version 4.2.1.3 suffers from a remote code execution vulnerability.

tags | exploit, remote, web, code execution
MD5 | 3adb9ce7b7b5f3fb4aeaaae502265d2c
Sophos Web Appliance 4.2.1.3 Privilege Escalation
Posted Nov 4, 2016
Authored by Matthew Bergin | Site korelogic.com

Sophos Web Appliance version 4.2.1.3 suffers from a privilege escalation vulnerability. An unprivileged user can obtain an MD5 hash of the administrator password which can then be used to discover the plain-text password.

tags | exploit, web
MD5 | 1b7c27e92b126973c1d376581151952c
Red Hat Security Advisory 2016-2600-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2600-02 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. The following packages have been upgraded to a newer upstream version: squid. Security Fix: Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, CVE-2016-3948
MD5 | 0e7c2c2d9dfa4c35c51ebddd1a678637
Red Hat Security Advisory 2016-2589-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2589-02 - The GIMP is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. The following packages have been upgraded to a newer upstream version: gimp, gimp-help. Security Fix: Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2016-4994
MD5 | 085e30e4d3945041fa9a808d5ae89c89
Red Hat Security Advisory 2016-2588-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2588-02 - OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fix: It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root.

tags | advisory, arbitrary, local, root, protocol
systems | linux, redhat, unix
advisories | CVE-2015-8325
MD5 | 1f74bb6c78520f64ed0634ad7288c4d1
Ubuntu Security Notice USN-3121-1
Posted Nov 4, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3121-1 - It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy function in certain cases. An attacker could use this to bypass Java sandbox restrictions. It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. Various other issues were also addressed.

tags | advisory, java
systems | linux, ubuntu
advisories | CVE-2016-5542, CVE-2016-5554, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597
MD5 | 5f45b12aa5b3f2bc4fdd42431f478ef9
Red Hat Security Advisory 2016-2657-01
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2657-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as an update for Red Hat JBoss Enterprise Application Platform 7.0.2. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-7046
MD5 | d50f4c6e9e96df6bc3a2553a80cba06d
Gentoo Linux Security Advisory 201611-04
Posted Nov 4, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-4 - Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites allowing remote attackers to remotely execute arbitrary code, obtain information, and cause Denial of Service. Versions less than 1.8.0.111 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5568, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597
MD5 | f573a3adca9c549336a3280f669c02eb
Gentoo Linux Security Advisory 201611-03
Posted Nov 4, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201611-3 - Multiple vulnerabilities have been found in both LibreOffice and OpenOffice, the worst of which allows for the remote execution of arbitrary code. Versions less than 5.1.4.2 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-4324
MD5 | 19f56be38cd7821ee9db1322d1ef6e1e
HP Security Bulletin HPSBUX03664 SSRT110248 1
Posted Nov 4, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03664 SSRT110248 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-2775, CVE-2016-2776
MD5 | 0e99589ebf26ba019c875421f448f940
Red Hat Security Advisory 2016-2634-01
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2634-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that will run virtually anywhere. Security Fix: It was found that Docker would launch containers under the specified UID instead of a username. An attacker able to launch a container could use this flaw to escalate their privileges to root within the launched container.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2016-3697
MD5 | 39179bb2038c0ab4bd2084ce83e610ec
Cisco Security Advisory 20161102-cms
Posted Nov 4, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the software does not perform sufficient boundary checks on user-supplied data. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted IPv6 input to the vulnerable function. A successful exploit could result in an exploitable buffer underflow condition. An attacker could leverage this buffer underflow condition to incorrectly allocate memory and cause a reload of the device or execute arbitrary code with the privileges of the affected application. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

tags | advisory, remote, arbitrary
systems | cisco
MD5 | 60d814e76d3f23639f4b34193463bfeb
Red Hat Security Advisory 2016-2641-01
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2641-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.2. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-7046
MD5 | 3aacb717fce8fb89205d94019a3b8a8d
Red Hat Security Advisory 2016-2642-01
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2642-01 - The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services Elastic Compute Cloud. With this update, the eap7-jboss-ec2-eap package has been updated to ensure compatibility with Red Hat JBoss Enterprise Application Platform 7.0.3.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-7046
MD5 | 82d88ee8481f91e1563ff6301a7c5753
Red Hat Security Advisory 2016-2640-01
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2640-01 - Red Hat JBoss Enterprise Application Platform 7 is an application server that serves as a middleware platform and is built on open standards and compliant with the Java EE 7 specification. This release serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.0.2. It includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2016-7046
MD5 | a3d6a87c3d91f9bf9ae705af6e9697bc
Ubuntu Security Notice USN-3123-1
Posted Nov 4, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3123-1 - It was discovered that curl incorrectly reused client certificates when built with NSS. A remote attacker could possibly use this issue to hijack the authentication of a TLS connection. Nguyen Vu Hoang discovered that curl incorrectly handled escaping certain strings. A remote attacker could possibly use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624
MD5 | 30a0a8d504d817ecda7299127973f81c
Red Hat Security Advisory 2016-2610-01
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2610-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7795
MD5 | 184443a905acf86d25caa3a38b32eafe
Ubuntu Security Notice USN-3122-1
Posted Nov 4, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3122-1 - It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges.

tags | advisory, local, root
systems | linux, ubuntu
advisories | CVE-2016-7382, CVE-2016-7389
MD5 | 6dbd8fa85ed118e5739bf6a23ccf0925
Red Hat Security Advisory 2016-2615-01
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2615-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-8864
MD5 | 6289f675450ca2ec4675edc1f9bc3482
Red Hat Security Advisory 2016-2614-01
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2614-01 - The Pacemaker cluster resource manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure. Security Fix: An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2016-7035
MD5 | f800b6a8416c2c91c1890b5bbc260740
Cisco Security Advisory 20161102-tl1
Posted Nov 4, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affected system. The vulnerability exists because the affected software performs incomplete bounds checks on input data. An attacker could exploit this vulnerability by sending a malicious request to the TL1 port, which could cause the device to reload. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

tags | advisory, remote, arbitrary
systems | cisco
MD5 | 668aa930a9a6fc860efaf71ac8609cdd
Red Hat Security Advisory 2016-2606-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2606-02 - PostgreSQL is an advanced object-relational database management system. The following packages have been upgraded to a newer upstream version: postgresql. Security Fix: A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-5423, CVE-2016-5424
MD5 | f62cd15383cbb7260eab63af0b2e5802
Red Hat Security Advisory 2016-2603-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2603-02 - Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network. Security Fix: A traffic amplification flaw was found in the Internet Key Exchange version 1 protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attack against other hosts on the network by sending UDP packets with a spoofed source address to that server.

tags | advisory, remote, denial of service, udp, spoof, protocol
systems | linux, redhat
advisories | CVE-2016-5361
MD5 | 68ce71a26bfde2d8d8b7ff810427fb1e
Red Hat Security Advisory 2016-2599-02
Posted Nov 4, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2599-02 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. The following packages have been upgraded to a newer upstream version: tomcat. Security Fix: A CSRF flaw was found in Tomcat's the index pages for the Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack.

tags | advisory, java, web, root
systems | linux, redhat
advisories | CVE-2015-5174, CVE-2015-5345, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092
MD5 | 02720dea32714bccdbdb8886046cee82
Page 1 of 3
Back123Next

File Archive:

October 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    15 Files
  • 2
    Oct 2nd
    16 Files
  • 3
    Oct 3rd
    15 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    11 Files
  • 6
    Oct 6th
    6 Files
  • 7
    Oct 7th
    2 Files
  • 8
    Oct 8th
    1 Files
  • 9
    Oct 9th
    13 Files
  • 10
    Oct 10th
    16 Files
  • 11
    Oct 11th
    15 Files
  • 12
    Oct 12th
    23 Files
  • 13
    Oct 13th
    13 Files
  • 14
    Oct 14th
    12 Files
  • 15
    Oct 15th
    2 Files
  • 16
    Oct 16th
    16 Files
  • 17
    Oct 17th
    16 Files
  • 18
    Oct 18th
    15 Files
  • 19
    Oct 19th
    10 Files
  • 20
    Oct 20th
    7 Files
  • 21
    Oct 21st
    4 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close