Exploit the possiblities
Showing 1 - 15 of 15 RSS Feed

Files Date: 2017-07-06

Barracuda WAF V360 Firmware 8.0.1.014 Username / Session ID Leak
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

The Barracuda WAF management application transmits the current user and session identifier over HTTP GET. Firmware version 8.0.1.014 is affected.

tags | exploit, web
MD5 | 6a4ac3abbfee6355517319f7d35839ce
Barracuda WAF V360 Firmware 8.0.1.014 Grub Password Complexity
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

The grub password for all Barracuda WAF V360 virtual appliances is four characters in length and, as a result, may be trivially easy to crack. Firmware version 8.0.1.014 is affected.

tags | exploit
MD5 | 457c2a997735435dfef8ab76ca6ff141
Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed on the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive information such as authentication credentials used by internal developers. Firmware version 8.0.1.014 is affected.

tags | exploit, web
MD5 | 294601501b6c14d834d8d86848392759
Barracuda WAF V360 Firmware 8.0.1.014 Early Boot Root Shell
Posted Jul 6, 2017
Authored by Matthew Bergin, Joshua Hardin | Site korelogic.com

Firmware reversing of the Barracuda Web Application Firewall uncovered debug features that should have been removed on the production images. Appending a debugging statement onto a grub configuration line leads to an early boot root shell. Firmware version 8.0.1.014 is affected.

tags | exploit, web, shell, root
MD5 | f6f41f262997fb113e39f15d6d42c39c
Red Hat Security Advisory 2017-1712-01
Posted Jul 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1712-01 - Red Hat 3scale API Management Platform 2.0 is a platform for the management of access and traffic for web-based APIs across a variety of deployment options. Security Fix: It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. The underlying container image was also rebuilt to resolve other security issues.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2017-1000364, CVE-2017-1000366, CVE-2017-7502, CVE-2017-7512
MD5 | 956dddcd24d616d3e3eb9855a25dca7e
Red Hat Security Advisory 2017-1685-01
Posted Jul 6, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1685-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically. The following packages have been upgraded to a later upstream version: ansible. Multiple security issues have been addressed.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2016-8647, CVE-2016-9587, CVE-2017-7466
MD5 | 084dc8c61b5bccdb4f01fcf963d46fc5
Debian Security Advisory 3903-1
Posted Jul 6, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3903-1 - Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2016-10095, CVE-2017-10688, CVE-2017-9147, CVE-2017-9403, CVE-2017-9404, CVE-2017-9936
MD5 | f22eb4c31adb069462aeb0325c0caef3
Ubuntu Security Notice USN-3321-1
Posted Jul 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3321-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information or execute arbitrary code. Multiple security issues were discovered in the Graphite 2 library used by Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778
MD5 | 287375d513bdda9fae3735c80fba55bf
Debian Security Advisory 3902-1
Posted Jul 6, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3902-1 - It was discovered that jabberd2, a Jabber instant messenger server, allowed anonymous SASL connections, even if disabled in the configuration.

tags | advisory
systems | linux, debian
advisories | CVE-2017-10807
MD5 | cfd5ac1f570771e667c6d763bf8e068e
Ubuntu Security Notice USN-3349-1
Posted Jul 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3349-1 - Yihan Lian discovered that NTP incorrectly handled certain large request data values. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, spoof
systems | linux, ubuntu
advisories | CVE-2016-2519, CVE-2016-7426, CVE-2016-7427, CVE-2016-7428, CVE-2016-7429, CVE-2016-7431, CVE-2016-7433, CVE-2016-7434, CVE-2016-9042, CVE-2016-9310, CVE-2016-9311, CVE-2017-6458, CVE-2017-6460, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464
MD5 | f7f3fa44faf862974b40f78bbb8b5cbc
Ubuntu Security Notice USN-3348-1
Posted Jul 6, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3348-1 - It was discovered that Samba incorrectly handled dangling symlinks. A remote attacker could possibly use this issue to cause Samba to hang, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. In addition, this update fixes a regression introduced by USN-3267-1 that caused Samba to incorrectly handle non-wide symlinks to directories.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-9461
MD5 | 1a8e33061827bcdecdb8dac866c560a6
LibTIFF 4.0.7 _TIFFVGetField (tiffsplit) Out-Of-Bounds Read
Posted Jul 6, 2017
Authored by zhangtan

LibTIFF version 4.0.7 suffers from a _TIFFVGetField (tiffsplit) out-of-bounds read vulnerability.

tags | exploit
advisories | CVE-2017-9147
MD5 | afc5e646b7dac9016971a17ffe1e96c4
LibTIFF 4.0.8 tif_jbig.c Denial Of Service
Posted Jul 6, 2017
Authored by Team OWL337

LibTIFF versions 4.0.8 and below suffer from a denial of service vulnerability in tif_jbig.c.

tags | exploit, denial of service
advisories | CVE-2017-9936
MD5 | 3899927d4c7816ac1ef9e86c163aae4f
HP Security Bulletin HPSBMU02933 3
Posted Jul 6, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02933 3 - A potential security vulnerability has been identified with HPE SiteScope's loadFileContents SOAP features. The vulnerabilities could be exploited to allow remote code execution, arbitrary file download and Denial of Service (DoS). Revision 3 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2013-4835, CVE-2013-6207
MD5 | b46d2429d4e90e14ac66308021a9d4e2
LibTIFF tif_dirwrite.c Denial Of Service
Posted Jul 6, 2017
Authored by Team OWL337

LibTIFF suffers from a denial of service vulnerability in tif_dirwrite.c.

tags | exploit, denial of service
advisories | CVE-2017-10688
MD5 | 547108f7aef0ec807be09ee577744000
Page 1 of 1
Back1Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close