Exploit the possiblities
Showing 1 - 18 of 18 RSS Feed

Files Date: 2017-02-06

OpenBSD HTTP Server 6.0 Denial Of Service
Posted Feb 6, 2017
Authored by Pierre Kim

OpenBSD HTTP server versions up to 6.0 suffer from a denial of service vulnerability.

tags | exploit, web, denial of service
systems | openbsd
advisories | CVE-2017-5850
MD5 | a57c0e5bc7595c3696deb558b8b3eb1f
IVPN 2.6.6120.33863 Privilege Escalation
Posted Feb 6, 2017
Authored by Kacper Szurek

IVPN client for Windows version 2.6.6120.33863 suffers from a privilege escalation vulnerability.

tags | exploit
systems | windows
MD5 | 2e33e44ecee081e6ed4044dac77bff10
PEAR HTML_AJAX 0.5.7 PHP Object Injection
Posted Feb 6, 2017
Authored by EgiX | Site karmainsecurity.com

PEAR HTML_AJAX versions 0.5.7 and below suffer from a PHP object injection vulnerability.

tags | advisory, php
MD5 | d2e6428ee37fd292066c41b75c9463b4
Ubuntu Security Notice USN-3193-1
Posted Feb 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3193-1 - It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-6489
MD5 | 9646ba70bb8d9c6db8bc4899d9d38336
Red Hat Security Advisory 2017-0256-01
Posted Feb 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0256-01 - QuickStart Cloud Installer is designed to drastically simplify the deployment experience of provisioning your private cloud infrastructure by orchestrating the installation work flow across different products. Instead of installing each product separately, QCI provides an intuitive, web-based graphical user interface to provision a fully functional cloud environment based on the combination of products selected by the user. Security Fix: It was found that several password fields in QCI failed to properly mask the password while it was being entered. An attacker with physical access or the ability to view the screen would be able to see the passwords as they are being entered, allowing them to later access accounts and services protected by those passwords.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-7060
MD5 | 0050ca6240a2d15cba3f8b1035c50307
HP Security Bulletin HPESBUX03699 SSRT110304 1
Posted Feb 6, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBUX03699 SSRT110304 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create multiple Denial of Services (DoS). Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-8864, CVE-2016-9131, CVE-2016-9444
MD5 | 683fd971dea303fce87a3d5af3bc421b
Questions And Answers Script 2.0.0 SQL Injection
Posted Feb 6, 2017
Authored by Ihsan Sencan

Questions and Answers Script version 2.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | a327f74160799be0acaeaf0f37a4729c
Ubuntu Security Notice USN-3192-1
Posted Feb 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3192-1 - Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. Felix Hassert discovered that Squid incorrectly handled certain HTTP Request headers when using the Collapsed Forwarding feature. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2016-10002, CVE-2016-10003
MD5 | ff5dc4015efb2f1aecb6b812d7a076f8
Ubuntu Security Notice USN-3191-1
Posted Feb 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3191-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2016-7586, CVE-2016-7589, CVE-2016-7592, CVE-2016-7599, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7641, CVE-2016-7645, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656
MD5 | fcbdb8dd1734367f07f389de62be6b66
Red Hat Security Advisory 2017-0252-01
Posted Feb 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0252-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311
MD5 | d27eb248d654333b1e45ed56dfbc614a
Gentoo Linux Security Advisory 201702-02
Posted Feb 6, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-2 - Multiple vulnerabilities have been found in RTMPDump, the worst of which could lead to arbitrary code execution. Versions less than 2.4_p20161210 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
MD5 | 1d81f8f629c61fe0a225c577d7ee6cc3
Red Hat Security Advisory 2017-0253-01
Posted Feb 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0253-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix: A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution.

tags | advisory, remote, overflow, kernel, local, code execution, protocol
systems | linux, redhat
advisories | CVE-2016-9577, CVE-2016-9578
MD5 | 5021d72244b7e9be926c8a2dc2812e2a
Debian Security Advisory 3781-1
Posted Feb 6, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3781-1 - Luc Lynx discovered that SVG Salamander, a SVG engine for Java was susceptible to server side request forgery.

tags | advisory, java
systems | linux, debian
advisories | CVE-2017-5617
MD5 | cd30be2e2fefb4c9732927e5f6e034fd
POSNIC 1.03 Shell Upload
Posted Feb 6, 2017
Authored by Rony Das

POSNIC version 1.03 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 99dc2d4efd1adf01f95921ec21ad59a8
Amsterdam Technical Colloquium Call For Papers
Posted Feb 6, 2017
Site first.org

The first annual Amsterdam Technical Colloquium (TC) has announced its call for speakers. It will take place in Amsterdam, Netherlands from April 25th through the 26th, 2017.

tags | paper, conference
MD5 | 2b3f96eb8a934bc9de9ee7fd4c4afd50
NewsBee CMS SQL Injection
Posted Feb 6, 2017
Authored by Kaan KAMIS

NewsBee CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 20c6240c9aff73ff4fc3aa9403b05ca2
Teleopti WFM 7.1.0 Information Disclosure / Access Controls
Posted Feb 6, 2017
Authored by Nicholas Lehman

Teleopti WFM versions 7.1.0 and below suffer from information disclosure and access control vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure
MD5 | 1133a372a23e9c272a0b773d0ee34243
ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass
Posted Feb 6, 2017
Authored by John Marzella

Various ZoneMinder versions suffer from authentication bypass, cross site request forgery, cross site scripting, information disclosure, and file disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
advisories | CVE-2016-10140, CVE-2017-5367, CVE-2017-5368, CVE-2017-5595
MD5 | 211d28bb4066b1fdea6844a5771115b3
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    1 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close