what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 393 RSS Feed

Files Date: 2015-07-01 to 2015-07-31

Red Hat Security Advisory 2015-1512-01
Posted Jul 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1512-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-3214, CVE-2015-5154
SHA-256 | 530e72ca2188050dcc033500673eaf1070ae047e520dfe654e66a7a68f67e08a
Ubuntu Security Notice USN-2690-1
Posted Jul 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2690-1 - Andy Lutomirski discovered a flaw in the Linux kernel's handling of nested NMIs (non-maskable interrupts). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or potentially escalate their privileges. Colin King discovered a flaw in the add_key function of the Linux kernel's keyring subsystem. A local user could exploit this flaw to cause a denial of service (memory exhaustion). Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2015-1333, CVE-2015-3290, CVE-2015-3291, CVE-2015-5157
SHA-256 | aa51a0821d1a02548dc2de024d18926f5f95a5bc133a2d69ec6f69a16f43f629
Ubuntu Security Notice USN-2693-1
Posted Jul 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2693-1 - Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service. Pories Ediansyah discovered that Bind incorrectly handled certain configurations involving DNS64. A remote attacker could use this issue with a specially crafted query to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2012-5689, CVE-2015-5477
SHA-256 | 411a9a7a936c5f60b5b0c9ee6179ab5f35060ebe8eb34ca0a134a30178867dec
Debian Security Advisory 3319-1
Posted Jul 29, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3319-1 - Jonathan Foote discovered that the BIND DNS server does not properly handle TKEY queries. A remote attacker can take advantage of this flaw to mount a denial of service via a specially crafted query triggering an assertion failure and causing BIND to exit.

tags | advisory, remote, denial of service
systems | linux, debian
advisories | CVE-2015-5477
SHA-256 | 124c5fcbeb1e34ffacc02e1644ac9241c1c0c30394399fdfcaee30e61f38d695
Ubuntu Security Notice USN-2692-1
Posted Jul 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2692-1 - Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Kevin Wolf discovered that QEMU incorrectly handled processing ATAPI commands. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-3214, CVE-2015-5154, CVE-2015-5158
SHA-256 | 3ce14f5f91a3957a62189bc98416489ca3815723c67a8c178b27bc6f07b581b9
FreeBSD Security Advisory - patch Shell Injection
Posted Jul 28, 2015
Authored by Martin Natano | Site security.freebsd.org

FreeBSD Security Advisory - Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch to run commands in addition to the desired SCCS or RCS commands.

tags | advisory
systems | freebsd
advisories | CVE-2015-1416
SHA-256 | a20c17eaa0d678a6581f823ffc677e815ad4e27a81210c150dd342d5e8c22101
HP Security Bulletin HPSBGN03372 1
Posted Jul 28, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03372 1 - A potential security vulnerability has been identified with HP Business Process Monitor. Note: This is the RC4 vulnerability known as Bar Mitzvah, which could be exploited remotely to allow disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2015-2808
SHA-256 | 9b73db045d143da79cc2c0b338b19a878898416fc761a2f8ac5e5472198a95e2
Slackware Security Advisory - bind Updates
Posted Jul 28, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New bind packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-5477
SHA-256 | 47135340b739a1ab5941e190a120381ca58ea3ea6256090a806959d64b20f10e
FreeBSD Security Advisory - BIND Denial Of Service
Posted Jul 28, 2015
Site security.freebsd.org

FreeBSD Security Advisory - A remote attacker can trigger a crash of a name server. Both recursive and authoritative servers are affected, and the exposure can not be mitigated by either ACLs or configuration options limiting or denying service because the exploitable code occurs early in the packet handling, before checks enforcing those boundaries.

tags | advisory, remote
systems | freebsd
advisories | CVE-2015-5477
SHA-256 | 846c53d6de99a6145a851883cd99b3ff6c32854a6c9e0c92a215d8bd9d16df91
FreeBSD Security Advisory - OpenSSH Record Check
Posted Jul 28, 2015
Site security.freebsd.org

FreeBSD Security Advisory - OpenSSH clients does not correctly verify DNS SSHFP records when a server offers a certificate. OpenSSH servers which are configured to allow password authentication using PAM (default) would allow many password attempts.

tags | advisory
systems | freebsd
advisories | CVE-2014-2653, CVE-2015-5600
SHA-256 | 5a62702946b5a02f2793adee927547243f7fc23df83ae91a601fe9c2411fbd69
OpenBSD Local Denial Of Service
Posted Jul 28, 2015
Authored by Maxime Villard

OpenBSD local memory leak denial of service proof of concept exploit.

tags | exploit, denial of service, local, proof of concept, memory leak
systems | openbsd
SHA-256 | 06d406bc1d28a340f4d6972266ba9eb949cc47eb9f49a4aec013a294a61bafe6
WordPress Advance Categorizer 0.3 Cross Site Scripting
Posted Jul 28, 2015
Authored by Morten Nortoft, Kenneth Jepsen, Mikkel Vej

WordPress Advanced Categorizer plugin version 0.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 6fadf0a68a68d7a2224dead0e386baaf4e4a60df0ceff53723283c9beb898aec
WordPress F/T/G Social Widgets 1.3.7 Cross Site Scripting
Posted Jul 28, 2015
Authored by Morten Nortoft, Kenneth Jepsen, Mikkel Vej

WordPress Facebook, Twitter, and Google+ Social Widgets plugin version 1.3.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 3290a2bb90bb054c2c4c266867566c028da4101297cd2c8c4f96794c20e77af9
phpFileManager 0.9.8 Remote Command Execution / CSRF
Posted Jul 28, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

phpFileManager version 0.9.8 suffers from a remote command execution vulnerability that can be leveraged via cross site request forgery.

tags | exploit, remote
advisories | CVE-2015-5958
SHA-256 | fd512bf32f9f9fc9a3b430ad2e4494742e35537f8aa5ba31a79fa463585369d4
Basware Banking/Maksuliikenne Software Hardcoded Creds / Client Checks
Posted Jul 28, 2015
Authored by Ronja Addams-Moring, Samuel Lavitt

Basware Banking/Maksuliikenne software suffers from hard-coded credentials, client-side auth checks, and other issues.

tags | advisory
advisories | CVE-2015-0942, CVE-2015-0943
SHA-256 | 20e493f8d0e70a0df374b32c5df84932a6164d9879098f4b621ab7f348013a2b
FreeBSD Security Advisory - TCP Reassembly Resource Exhaustion
Posted Jul 28, 2015
Authored by Patrick Kelsey | Site security.freebsd.org

FreeBSD Security Advisory - There is a mistake with the introduction of VNET, which converted the global limit on the number of segments that could belong to reassembly queues into a per-VNET limit. Because mbufs are allocated from a global pool, in the presence of a sufficient number of VNETs, the total number of mbufs attached to reassembly queues can grow to the total number of mbufs in the system, at which point all network traffic would cease. An attacker who can establish concurrent TCP connections across a sufficient number of VNETs and manipulate the inbound packet streams such that the maximum number of mbufs are enqueued on each reassembly queue can cause mbuf cluster exhaustion on the target system, resulting in a Denial of Service condition. As the default per-VNET limit on the number of segments that can belong to reassembly queues is 1/16 of the total number of mbuf clusters in the system, only systems that have 16 or more VNET instances are vulnerable.

tags | advisory, denial of service, tcp
systems | freebsd
advisories | CVE-2015-1417
SHA-256 | 4651dfbd0c91abc16de434dacb94a6bbd086b3657240c2386bbf868ee0921266
McAfee Application Control Bypass / Driver Issues
Posted Jul 28, 2015
Authored by Rene Freingruber | Site sec-consult.com

McAfee Application Control version 6.1.3.353 suffers from multiple vulnerabilities including insufficient whitelist protection and bypass issues.

tags | advisory, vulnerability
SHA-256 | 56a0d4447cb0bd7f7b3072dc871f8d24fc7433bff2511b0d379a1e91aadfd4dc
WordPress Flickr Justified Gallery 3.3.6 Cross Site Scripting
Posted Jul 28, 2015
Authored by Tom Adams

WordPress Flickr Justified Gallery plugin version 3.3.6 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 976c6087ecb03d8b8cae5e43e9e600acaa4392bab73a3bae21e132826b40bada
D-Link DCS-2103 1.20 CSRF / Cross Site Scripting
Posted Jul 28, 2015
Authored by MustLive

D-Link DCS-2103 version 1.20 suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 4d98416040832150a16ffa2a1c213edb24bd98271d14dbe192d4aa550a9fd010
Tendoo CMS 1.3 Cross Site Scripting
Posted Jul 28, 2015
Authored by Arash Khazaei

Tendoo CMS version 1.3 suffers from stored and reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | cd9b09823f3b4f903977a3d92b3b7084b6e40bcacb0756fc6aafefeeafb8108a
Red Hat Security Advisory 2015-1510-01
Posted Jul 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1510-01 - Clutter is a library for creating fast, visually rich, graphical user interfaces. Clutter is used for rendering the GNOME desktop environment. A flaw was found in the way clutter processed certain mouse and touch gestures. An attacker could use this flaw to bypass the screen lock. All clutter users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using clutter must be restarted for the update to take effect.

tags | advisory
systems | linux, redhat
advisories | CVE-2015-3213
SHA-256 | 050bb143bd5ebf35de0eb647bca94245ab7398ef9d5e39a5df3bb9cb634f9a0f
Ubuntu Security Notice USN-2686-1
Posted Jul 27, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2686-1 - It was discovered that the Apache HTTP Server incorrectly parsed chunk headers. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks. It was discovered that the Apache HTTP Server incorrectly handled the ap_some_auth_required API. A remote attacker could possibly use this issue to bypass intended access restrictions. This issue only affected Ubuntu 14.04 LTS and Ubuntu 15.04. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2015-3183, CVE-2015-3185
SHA-256 | 3c6254fd60e8dfa90b9d54b8281fd49cf2896d7495e64eaffb88a8ceccf7aed2
Foxit Reader 7.1.5 Arbitrary Code Execution
Posted Jul 27, 2015
Authored by Sascha Schirra

Foxit Reader versions 7.0.8 through 7.1.5 suffer from a PNG conversion parsing tEXt chunk arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
SHA-256 | 9da8a1034afb8dd1ecf6f36562d0356f8048cf0ebf078c27562a216194531c8e
Hawkeye-G 3.0.1.4912 Cross Site Scripting / Information Leakage
Posted Jul 27, 2015
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Hawkeye-G version 3.0.1.4912 suffers from cross site scripting and information leakage vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | dedfab25cf599a5d471846668f02839f82db68639796aad291a1a95774f4e305
Seditio CMS 1.7.1 Password Disclosure
Posted Jul 27, 2015
Authored by Arash Khazaei

Seditio CMS version 1.7.1 suffers from an administrator password disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 1780346582854c7fdc89148449d9eeb1ad330538db092f6b047b6f4ff3c1e490
Page 2 of 16
Back12345Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close