
Files Date: 2017-02-06

OpenBSD HTTP Server 6.0 Denial Of Service
Posted Feb 6, 2017
Authored by Pierre Kim

OpenBSD HTTP server versions up to 6.0 suffer from a denial of service vulnerability.

tags | exploit, web, denial of service
systems | openbsd
advisories | CVE-2017-5850
SHA-256 | 8cb179fc0c44b36068a2fb1ea7d4c3cb44fce813eaf3de73953f10a2bfceac82
IVPN 2.6.6120.33863 Privilege Escalation
Posted Feb 6, 2017
Authored by Kacper Szurek

IVPN client for Windows version 2.6.6120.33863 suffers from a privilege escalation vulnerability.

tags | exploit
systems | windows
SHA-256 | 185ca326d2cd94de8b1329af37794cc1820633da437111c56654fc5ab4c827e5
PEAR HTML_AJAX 0.5.7 PHP Object Injection
Posted Feb 6, 2017
Authored by EgiX | Site karmainsecurity.com

PEAR HTML_AJAX versions 0.5.7 and below suffer from a PHP object injection vulnerability.

tags | advisory, php
SHA-256 | a877061f0b6d62d2472442db37c2d5befc021bed71668051a5dc42fa2dc94d4e
Ubuntu Security Notice USN-3193-1
Posted Feb 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3193-1 - It was discovered that Nettle incorrectly mitigated certain timing side-channel attacks. A remote attacker could possibly use this flaw to recover private keys.

tags | advisory, remote
systems | linux, ubuntu
advisories | CVE-2016-6489
SHA-256 | c99d17b3cb1a2dada1c04033fbb63bba3e4fad5be7282f2c74817a38efe879fb
Red Hat Security Advisory 2017-0256-01
Posted Feb 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0256-01 - QuickStart Cloud Installer is designed to drastically simplify the deployment experience of provisioning your private cloud infrastructure by orchestrating the installation work flow across different products. Instead of installing each product separately, QCI provides an intuitive, web-based graphical user interface to provision a fully functional cloud environment based on the combination of products selected by the user. Security Fix: It was found that several password fields in QCI failed to properly mask the password while it was being entered. An attacker with physical access or the ability to view the screen would be able to see the passwords as they are being entered, allowing them to later access accounts and services protected by those passwords.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-7060
SHA-256 | 90a8655a6f83725dc40b8f9c81c27557f74ec39c5147bf98ed5b387dc003d85d
HPE Security Bulletin HPESBUX03699 SSRT110304 1
Posted Feb 6, 2017
Authored by Hewlett Packard Enterprise | Site hpe.com

HPE Security Bulletin HPESBUX03699 SSRT110304 1 - Potential security vulnerabilities have been identified in the HP-UX BIND service running named. These vulnerabilities could be exploited remotely to create multiple Denial of Service (DoS) conditions. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2016-8864, CVE-2016-9131, CVE-2016-9444
SHA-256 | 4974b51e04bbd38c78bbd5e625800c16ba179f3441f644b2d153bb4599487f1b
Questions And Answers Script 2.0.0 SQL Injection
Posted Feb 6, 2017
Authored by Ihsan Sencan

Questions and Answers Script version 2.0.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8daeb4975b605e321aca5026b011c5e55a914f85ebbc63f5891d7204628399c9
Ubuntu Security Notice USN-3192-1
Posted Feb 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3192-1 - Saulius Lapinskas discovered that Squid incorrectly handled processing HTTP conditional requests. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. Felix Hassert discovered that Squid incorrectly handled certain HTTP Request headers when using the Collapsed Forwarding feature. A remote attacker could possibly use this issue to obtain sensitive information related to other clients' browsing sessions. This issue only applied to Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2016-10002, CVE-2016-10003
SHA-256 | ecc79a8400c481bb6a4ba233b597c5ac2df390712e0587e5c7d78454b95f39f8
Ubuntu Security Notice USN-3191-1
Posted Feb 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3191-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2016-7586, CVE-2016-7589, CVE-2016-7592, CVE-2016-7599, CVE-2016-7623, CVE-2016-7632, CVE-2016-7635, CVE-2016-7639, CVE-2016-7641, CVE-2016-7645, CVE-2016-7652, CVE-2016-7654, CVE-2016-7656
SHA-256 | 6a9ad9f78860c7c8393926f85e57df542778c6ae67a0c9dabc9778fd8af0574b
Red Hat Security Advisory 2017-0252-01
Posted Feb 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0252-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Security Fix: It was found that when ntp is configured with rate limiting for all associations the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources.

tags | advisory, remote, denial of service, protocol
systems | linux, redhat
advisories | CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311
SHA-256 | e1bad53734e5d3bf7a50e7a4efe74c3ec410e5733fd4963d1997818ac1dd059f
Gentoo Linux Security Advisory 201702-02
Posted Feb 6, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201702-2 - Multiple vulnerabilities have been found in RTMPDump, the worst of which could lead to arbitrary code execution. Versions less than 2.4_p20161210 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
SHA-256 | b5c502c26bd9816c054febb41de36acc73347b846ae8d28895edc4976323c149
Red Hat Security Advisory 2017-0253-01
Posted Feb 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0253-01 - The Simple Protocol for Independent Computing Environments is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine hypervisor or on Red Hat Enterprise Virtualization Hypervisors. Security Fix: A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution.

tags | advisory, remote, overflow, kernel, local, code execution, protocol
systems | linux, redhat
advisories | CVE-2016-9577, CVE-2016-9578
SHA-256 | 3b05e371a8595c3a3a6ba71be3971ec45d371772de224a05c43bbab4abe10677
Debian Security Advisory 3781-1
Posted Feb 6, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3781-1 - Luc Lynx discovered that SVG Salamander, an SVG engine for Java, was susceptible to server side request forgery.

tags | advisory, java
systems | linux, debian
advisories | CVE-2017-5617
SHA-256 | 8b00da1a2c1f8f08c6c0ef0212d683658eb30aa83ae3b8aad3bc0f9bb00f2844
POSNIC 1.03 Shell Upload
Posted Feb 6, 2017
Authored by Rony Das

POSNIC version 1.03 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | b0659cc1ef1702e8795081214734b821aa8dc6052f86b9ec6400a8635f7f89ef
Amsterdam Technical Colloquium Call For Papers
Posted Feb 6, 2017
Site first.org

The first annual Amsterdam Technical Colloquium (TC) has announced its call for speakers. It will take place in Amsterdam, Netherlands from April 25th through the 26th, 2017.

tags | paper, conference
SHA-256 | 426cd8f55e9daff8e03361ab5a56838e2d6a0d251e007142000510588b5aa8ee
NewsBee CMS SQL Injection
Posted Feb 6, 2017
Authored by Kaan KAMIS

NewsBee CMS suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | eaaba667504693eaacaa8e46f660ec88f2feee056cd07d438c745b0e34485965
Teleopti WFM 7.1.0 Information Disclosure / Access Controls
Posted Feb 6, 2017
Authored by Nicholas Lehman

Teleopti WFM versions 7.1.0 and below suffer from information disclosure and access control vulnerabilities.

tags | exploit, vulnerability, bypass, info disclosure
SHA-256 | 6df9b06f877e2194fd3f0328fcc2aa7b53ddb69793bcb8827f9d5a35176c8d68
ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass
Posted Feb 6, 2017
Authored by John Marzella

Various ZoneMinder versions suffer from authentication bypass, cross site request forgery, cross site scripting, information disclosure, and file disclosure vulnerabilities.

tags | exploit, vulnerability, xss, info disclosure, csrf
advisories | CVE-2016-10140, CVE-2017-5367, CVE-2017-5368, CVE-2017-5595
SHA-256 | f68406098b52c99e74b1f00852c84f5caac953bfa36f870cdd77222ec5580f4d
© 2022 Packet Storm. All rights reserved.