Files Date: 2017-02-06

OpenBSD HTTP Server 6.0 Denial Of Service
Posted Feb 6, 2017
Authored by Pierre Kim

OpenBSD HTTP server versions up to 6.0 suffer from a denial of service vulnerability.

tags | exploit, web, denial of service
systems | openbsd
advisories | CVE-2017-5850
MD5 | a57c0e5bc7595c3696deb558b8b3eb1f
IVPN 2.6.6120.33863 Privilege Escalation
Posted Feb 6, 2017
Authored by Kacper Szurek

IVPN client for Windows version 2.6.6120.33863 suffers from a privilege escalation vulnerability.

tags | exploit
systems | windows
MD5 | 2e33e44ecee081e6ed4044dac77bff10
PEAR HTML_AJAX 0.5.7 PHP Object Injection
Posted Feb 6, 2017
Authored by EgiX | Site karmainsecurity.com

PEAR HTML_AJAX versions 0.5.7 and below suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | d2e6428ee37fd292066c41b75c9463b4
Ubuntu Security Notice USN-3193-1
Posted Feb 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3193-1 - It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-6489
MD5 | 9646ba70bb8d9c6db8bc4899d9d38336
Red Hat Security Advisory 2017-0256-01
Posted Feb 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0256-01 - QuickStart Cloud Installer is designed to drastically simplify the deployment experience of provisioning your private cloud infrastructure by orchestrating the installation work flow across different products. Instead of installing each product separately, QCI provides an intuitive, web-based graphical user interface to provision a fully functional cloud environment based on the combination of products selected by the user. Security Fix: It was found that several password fields in QCI failed to properly mask the password while it was being entered. An attacker with physical access or the ability to view the screen would be able to see the passwords as they are being entered, allowing them to later access accounts and services protected by those passwords.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-7060
MD5 | 0050ca6240a2d15cba3f8b1035c50307
HP Security Bulletin HPESBUX03699 SSRT110304 1
Posted Feb 6, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBUX03699 SSRT110304 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to cause multiple denial of service (DoS) conditions. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-8864, CVE-2016-9131, CVE-2016-9444
MD5 | 683fd971dea303fce87a3d5af3bc421b
Questions And Answers Script 2.0.0 SQL Injection
Posted Feb 6, 2017
Authored by Ihsan Sencan

Questions and Answers Script version 2.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a327f74160799be0acaeaf0f37a4729c
Ubuntu Security Notice USN-3192-1
Posted Feb 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3192-1 - Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. Felix Hassert discovered that Squid incorrectly handled certain HTTP Request headers when using the Collapsed Forwarding feature. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2016-10002, CVE-2016-10003
MD5 | ff5dc4015efb2f1aecb6b812d7a076f8
Ubuntu Security Notice USN-3191-1
Posted Feb 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3191-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2016-7586, CVE-2016-7589, CVE-2016-7592, CVE-2016-7599, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7641, CVE-2016-7645, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656
MD5 | fcbdb8dd1734367f07f389de62be6b66
Red Hat Security Advisory 2017-0252-01
Posted Feb 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0252-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that when ntp is configured with rate limiting for all associations, the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311
MD5 | d27eb248d654333b1e45ed56dfbc614a
Gentoo Linux Security Advisory 201702-02
Posted Feb 6, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-2 - Multiple vulnerabilities have been found in RTMPDump, the worst of which could lead to arbitrary code execution. Versions less than 2.4_p20161210 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
MD5 | 1d81f8f629c61fe0a225c577d7ee6cc3
Red Hat Security Advisory 2017-0253-01
Posted Feb 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0253-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix: A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution.

tags | advisory, remote, overflow, kernel, local, code execution, protocol
systems | linux, redhat
advisories | CVE-2016-9577, CVE-2016-9578
MD5 | 5021d72244b7e9be926c8a2dc2812e2a
Debian Security Advisory 3781-1
Posted Feb 6, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3781-1 - Luc Lynx discovered that SVG Salamander, an SVG engine for Java, was susceptible to server-side request forgery.

tags | advisory, java
systems | linux, debian
advisories | CVE-2017-5617
MD5 | cd30be2e2fefb4c9732927e5f6e034fd
POSNIC 1.03 Shell Upload
Posted Feb 6, 2017
Authored by Rony Das

POSNIC version 1.03 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 99dc2d4efd1adf01f95921ec21ad59a8
Amsterdam Technical Colloquium Call For Papers
Posted Feb 6, 2017
Site first.org

The first annual Amsterdam Technical Colloquium (TC) has announced its call for speakers. It will take place in Amsterdam, Netherlands from April 25th through the 26th, 2017.

tags | paper, conference
MD5 | 2b3f96eb8a934bc9de9ee7fd4c4afd50
NewsBee CMS SQL Injection
Posted Feb 6, 2017
Authored by Kaan KAMIS

NewsBee CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 20c6240c9aff73ff4fc3aa9403b05ca2
Teleopti WFM 7.1.0 Information Disclosure / Access Controls
Posted Feb 6, 2017
Authored by Nicholas Lehman

Teleopti WFM versions 7.1.0 and below suffer from information disclosure and access control vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure
MD5 | 1133a372a23e9c272a0b773d0ee34243
ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass
Posted Feb 6, 2017
Authored by John Marzella

Various ZoneMinder versions suffer from authentication bypass, cross-site request forgery, cross-site scripting, information disclosure, and file disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
advisories | CVE-2016-10140, CVE-2017-5367, CVE-2017-5368, CVE-2017-5595
MD5 | 211d28bb4066b1fdea6844a5771115b3
© 2016 Packet Storm. All rights reserved.
