
Files Date: 2016-12-08

Gentoo Linux Security Advisory 201612-24
Posted Dec 8, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-24 - Multiple vulnerabilities were found in Binutils, the worst of which may allow execution of arbitrary code. Versions less than 2.25 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2014-8484, CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8737, CVE-2014-8738
SHA-256 | 3c86a9269fa6147d238683731310483d43b4f512ea54b8446d3d85a8cd711871
Gentoo Linux Security Advisory 201612-23
Posted Dec 8, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-23 - Multiple vulnerabilities have been found in socat, the worst of which may allow execution of arbitrary code. Versions less than 1.7.3.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
SHA-256 | e31a393b3e01ec886551d18de54334df99dd4e12d9c702c4d63d90e92807421c
Gentoo Linux Security Advisory 201612-22
Posted Dec 8, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-22 - A vulnerability in Coreutils could lead to the execution of arbitrary code or a Denial of Service condition. Versions less than 8.23 are affected.

tags | advisory, denial of service, arbitrary
systems | linux, gentoo
advisories | CVE-2014-9471
SHA-256 | aadf75b3127408f19da444ed18da07013304be371623e66f15e5ae1db462df50
Gentoo Linux Security Advisory 201612-21
Posted Dec 8, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-21 - Multiple vulnerabilities were found in SQLite, the worst of which may allow execution of arbitrary code. Versions less than 3.11.1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
SHA-256 | b374696f5679bab08b5310d98075848bdf4bb39d2941f9b1e8c8778e83b69d90
Gentoo Linux Security Advisory 201612-20
Posted Dec 8, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-20 - A buffer overflow in jq might allow remote attackers to execute arbitrary code. Versions less than 1.5-r2 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
SHA-256 | 541f6b57037b93b7cf3d5d2f2f6db63b84d07b8374074eac78b3bfffc68047cd
HP Security Bulletin HPSBHF03674 1
Posted Dec 8, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03674 1 - A potential security vulnerability in the DES/3DES block ciphers could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. This vulnerability could be exploited remotely resulting in disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2016-2183
SHA-256 | 7c7293bf6f6050952ade049598c234ee769cc0357ebd1230d65f6bdd3c669692
Red Hat Security Advisory 2016-2938-01
Posted Dec 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2938-01 - This release of Red Hat JBoss BRMS 6.3.4 serves as a replacement for Red Hat JBoss BRMS 6.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-7041
SHA-256 | ce322c3919a5aa0e316a582034a6ded1e896f6d35c3e0a5938c15532ca9dbee7
Red Hat Security Advisory 2016-2937-01
Posted Dec 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2937-01 - This release of Red Hat JBoss BPM Suite 6.3.4 serves as a replacement for Red Hat JBoss BPM Suite 6.3.3, and includes bug fixes and enhancements, which are documented in the Release Notes of the patch linked to in the References section. Security Fix: Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2016-7041
SHA-256 | 2109bc63d8639d33c743deeb98f11c52c4c7f841b9bf81cb781a46b1bbc202b2
Red Hat Security Advisory 2016-2927-01
Posted Dec 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2927-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb100-mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-5630, CVE-2016-6662, CVE-2016-6663, CVE-2016-8283
SHA-256 | 66e1ea59d4014df2a4d524614e18002ead15028ade3161134f30e5b4a1e9c414
Red Hat Security Advisory 2016-2928-01
Posted Dec 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2928-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The following packages have been upgraded to a newer upstream version: rh-mariadb101-mariadb. Security Fix: It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server.

tags | advisory, arbitrary, root
systems | linux, redhat
advisories | CVE-2016-3492, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-6662, CVE-2016-6663, CVE-2016-8283
SHA-256 | 0b4663dd1293eea4507798a5759c83e25936795e0709279b272a99329da7448c
Gentoo Linux Security Advisory 201612-26
Posted Dec 8, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-26 - Multiple vulnerabilities have been found in OpenJPEG, the worst of which may allow execution of arbitrary code. Versions less than 2.1.1_p20160922 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2015-8871, CVE-2016-1923, CVE-2016-1924, CVE-2016-3181, CVE-2016-3182, CVE-2016-3183, CVE-2016-7445
SHA-256 | e603e7bd8f6aad416db52f5b77333d0d38e7c1d31ac7f3354f5d11e1a44d5428
Gentoo Linux Security Advisory 201612-25
Posted Dec 8, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-25 - A vulnerability in CrackLib could lead to the execution of arbitrary code. Versions less than 2.9.6-r1 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2016-6318
SHA-256 | 3ab6e0f37c76d3e0f7536e37b12e861e8b29369382ba72842a352c817c7e63eb
Ubuntu Security Notice USN-3154-1
Posted Dec 8, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3154-1 - It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. It was discovered that the JMX component of OpenJDK did not sufficiently perform classloader consistency checks. An attacker could use this to bypass Java sandbox restrictions. Various other issues were also addressed.

tags | advisory, java
systems | linux, ubuntu
advisories | CVE-2016-5542, CVE-2016-5554, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597
SHA-256 | 23e1920a16b9445560e5bddeb4e1bfe384398c0701a5807681e3784626881404
TOR Virtual Network Tunneling Tool 0.2.8.11
Posted Dec 8, 2016
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: Tor 0.2.8.11 backports fixes for additional portability issues that could prevent Tor from building correctly on OSX Sierra, or with OpenSSL 1.1. Affected users should upgrade; others can safely stay with 0.2.8.10.
tags | tool, remote, local, peer2peer
systems | unix
SHA-256 | 7adea0bfa17edafd4e09453f4f58a0dca737660e5358f9dafd52d55d55dc6ab3
GNU Transport Layer Security Library 3.4.17
Posted Dec 8, 2016
Authored by Simon Josefsson, Nikos Mavrogiannopoulos | Site gnu.org

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Changes: Various updates.
tags | protocol, library
SHA-256 | 9b50e8a670d5e950425d96935c7ddd415eb6f8079615a36df425f09a3143172e
Asterisk Project Security Advisory - AST-2016-009
Posted Dec 8, 2016
Authored by Mark Michelson | Site asterisk.org

Asterisk Project Security Advisory - The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace.

tags | advisory
SHA-256 | 09dc558d0dc500657f84397b2183696f7dff962f91ac1d27039bfe9a9157f5a9
Microsoft Remote Desktop Client For Mac 8.0.36 Remote Code Execution
Posted Dec 8, 2016
Authored by Filippo Cavallarin

Microsoft Remote Desktop Client for Mac version 8.0.36 suffers from a remote code execution vulnerability.

tags | advisory, remote, code execution
SHA-256 | 83a2396f296801ed2a08e72a969bd88fa43d32d0b7e159e0cbba6bf14421588f
Microsoft Internet Explorer 9 MSHTML CDispNode::InsertSiblingNode Use-After-Free
Posted Dec 8, 2016
Authored by SkyLined

Microsoft Internet Explorer version 9 suffers from an MSHTML CDispNode::InsertSiblingNode use-after-free vulnerability.

tags | exploit
advisories | CVE-2013-1306
SHA-256 | 391989ad1173c144a4f9597886435a16e0b65b6502cd7fd4d5d45f1b77eada54
Netgear R7000 Command Injection
Posted Dec 8, 2016
Authored by Acew0rm

Netgear R7000 suffers from a command injection vulnerability.

tags | exploit
SHA-256 | 8a3bd3bed526f1b1ea246ef0805d27f0da0e7419534db12188712e2368d99170
Windows x64 Bind Shell TCP Shellcode
Posted Dec 8, 2016
Authored by Roziul Hasan Khan Shifat

508 bytes small Windows x64 bind shell TCP shellcode.

tags | shell, tcp, shellcode
systems | windows
SHA-256 | 033c378fbb4c4aa3050bd53ba4c5a36a47e8578b1899c71cde7dd3d1b6026185
Teaching An Old Dog (Not That New) Tricks - Stego In TCP/IP Made Easy Part 1
Posted Dec 8, 2016
Authored by John Torakis

Whitepaper called Teaching an Old Dog (not that new) Tricks - Stego in TCP/IP made easy (part-1).

tags | paper, tcp
SHA-256 | 2609fe4c9cec50d8edf00ef147f17aefe8eb757caecfacad445137627a2e39f9
Cisco Unified Communications Manager 7 / 8 / 9 Directory Traversal
Posted Dec 8, 2016
Authored by justpentest

A directory traversal vulnerability exists in the Cisco Unified Communications Manager administrative web interface. Versions 7.x, 8.x, and 9.x are all affected.

tags | exploit, web, file inclusion
systems | cisco
advisories | CVE-2013-5528
SHA-256 | 90a1467cf637291cc20ff682898da4623847a4334964390e03689220dcc9cb16
Red Hat Security Advisory 2016-2923-01
Posted Dec 8, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2923-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2015-5162
SHA-256 | 60e69b8d92e5e1a763a7e62903cd37fe6dee387abc469f015f3d0a63516347d6
Kernel Live Patch Security Notice LSN-0014-1
Posted Dec 8, 2016
Authored by Luis Henriques

Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local, tcp
systems | linux
advisories | CVE-2016-6480, CVE-2016-6828, CVE-2016-8655
SHA-256 | d8c13d40032210a719f70376fb50f745ce27eca4d0eb24c5096aaa2ba0e42b44
OpenSSH 7.2 Denial Of Service
Posted Dec 8, 2016
Authored by Kashinath T | Site secpod.com

Denial of service exploit for the crypt CPU consumption issue in OpenSSH versions 7.2 and below.

tags | exploit, denial of service
advisories | CVE-2016-6515
SHA-256 | 85813c4a45e54ff563c3ade3e42af0997614ba11790f829f24352c73b552928d
© 2022 Packet Storm. All rights reserved.